For details on cookie usage on our site, read our Privacy Policy
Forced VPN Connection with GlobalProtect
- LIVEcommunity
- Discussions
- General Topics
- Forced VPN Connection with GlobalProtect
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Forced VPN Connection with GlobalProtect
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-05-2013 05:34 AM
Is it possible to force a VPN Connection so the client can only use wifi or ethernet if he is in the office or has a active VPN Connection?
- Labels:
-
Networking
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-05-2013 05:42 AM
It's base on the gateway lookup resolution and you have to configure an internal gateway to do that.
and if the client is connected to the internal gateway no ipsec or vpn tunnel is mounted but you can use HIP information or login information to create your secuty rule that limit the accessible ressource for this device.
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-05-2013 05:48 AM
Good Morning,
If you are talking about a user who wants to connect to an internal gateway, we can configure the PANFW gateway on a VPN tunnel with in the office as well. By default the PANFW supports the SSL connection to the GP users ( whether connected internally or externally), and we have to manually configure the gateways to accept a VPN connection.
You can find the information on the below thread:
https://live.paloaltonetworks.com/message/29549#29549
Hope it helps,
BR,
Karthik
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-05-2013 06:14 AM
Really important for my customer is that the client can never connect directly to the internet.
That is possible?
Sorry if I have to ask it again for my understanding, but that is absolutly important, else i need to buy a other vpn solution.
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-05-2013 06:35 AM
Can you elaborate more upon the requirement. Your question isn't very clear.
BR,
Karthik
- Brute Force GlobalProtect Portal via GP app in Custom Signatures
- Global Protect multiple VPN and multiple authentication methods in General Topics
- Checking if GlobalProtect status is active (connected) via script or command line in GlobalProtect Discussions
- GlobalProtect Multiple Profile in General Topics
- GlobalProtect is not authenticating via SAML while connecting via MAC-OS in GlobalProtect Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
