Forced VPN Connection with GlobalProtect


L3 Networker

Is it possible to force a VPN connection so the client can only use Wi-Fi or Ethernet if he is in the office or has an active VPN connection?


L4 Transporter

It's based on the gateway lookup resolution, and you have to configure an internal gateway to do that.

And if the client is connected to the internal gateway, no IPsec or VPN tunnel is mounted, but you can use HIP information or login information to create your security rule that limits the accessible resources for this device.

L5 Sessionator

Good Morning,

If you are talking about a user who wants to connect to an internal gateway, we can configure the PANFW gateway on a VPN tunnel within the office as well. By default the PANFW supports the SSL connection to the GP users (whether connected internally or externally), and we have to manually configure the gateways to accept a VPN connection.

You can find the information on the below thread:

Hope it helps,



Really important for my customer is that the client can never connect directly to the internet.

Is that possible?

Sorry if I have to ask it again for my understanding, but that is absolutely important, else I need to buy another VPN solution.

Can you elaborate more upon the requirement? Your question isn't very clear.


