For details on cookie usage on our site, read our Privacy Policy
Forced VPN Connection with GlobalProtect
- LIVEcommunity
- Discussions
- General Topics
- Forced VPN Connection with GlobalProtect
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Forced VPN Connection with GlobalProtect
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-05-2013 05:34 AM
Is it possible to force a VPN Connection so the client can only use wifi or ethernet if he is in the office or has a active VPN Connection?
- Labels:
-
Networking
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-05-2013 07:00 AM
The Requirement from the Customer say that the Laptop are not allowed to be exposed to the internet.
As soon the Laptop is connected to a network it has to establish a vpn or disable the connection.
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-05-2013 07:50 AM
You can leverage the single sign on feature, so when the laptop having the agent on it, connects within the network and has been successfully authenticated, a VPN tunnel gets established and he can go out to the internet via the tunnel. If he fails to get authenticated, the user will get identified as an unknown user, and we can configure a rule to block all unknown users. That way he cannot get access to the internet, although he is connected internally in the network. Like Gregoux mentioned as well, you can use the hip checks to deny access to the machines if they do not match a config criteria.
BR,
Karthik RP
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-05-2013 11:11 PM
You can create split tunnel by configuring access routes in the global protect gateway.
This way with security policy you can only allow access to ip address that you want and block access to the rest with the security policy.
Hope this helps.
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-11-2013 11:29 PM
Where can I configure a rule on the client side that if he is a unknows user traffic is blocked? On the Firewall of course...but on the laptop??
At home there is no PA to configure such things.
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-13-2013 11:39 PM
I got a test licesne for globalprotect HIP.
Well I'm pretty sure now there is no way I can force a laptop user that he has to be connected to the vpn to be able to use the internet. In HIP I can't check if he can reach a public ip adress and there is also no way to place a firewall rule that would block his traffic if the vpn is not connected.
I need to buy now a Cisco VPN....
- Global Protect multiple VPN and multiple authentication methods in General Topics
- Checking if GlobalProtect status is active (connected) via script or command line in GlobalProtect Discussions
- GlobalProtect Multiple Profile in General Topics
- GlobalProtect is not authenticating via SAML while connecting via MAC-OS in GlobalProtect Discussions
- Strange errors with Globalprotect and PANOS 10.2.3-h2 in GlobalProtect Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
