Forced VPN Connection with GlobalProtect

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Forced VPN Connection with GlobalProtect

L3 Networker

Is it possible to force a VPN Connection so the client can only use wifi or ethernet if he is in the office or has a active VPN Connection?



I think that with Global protect pre logon connexion + internal detection gateway detection, it should work.

If user is at home, GP agent will try to contact corp portal and create VPN connexion as soon as the laptop is started.

block the split tunneling (route through VPN)

after that, on corp PA, create rule based on user, group, app ....

Mean all traffic have to go through vpn.

Hope help

L4 Transporter

If a user is at home, and for some reason, the VPN with HQ does NOT come up (for whatever reason), there is no way to prevent him to access the internet using his local internet line.

(The GlobalProtect client does not enforce a security policy on the local PC)

What happens in the following situation:

1) Client goes home and connects via wireless to his wifi network at home

2) GP automatically establishes a VPN to the office and sets the GP tunnel as the default route ( -> GP tunnel)

3) Client now connects a 3G dongle to his laptop and establishes a 3G connection. The 3G connection now installs a -> 3G

This would allow the client to access the internet without going via GP?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!