This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Forced VPN Connection with GlobalProtect
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- Forced VPN Connection with GlobalProtect
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Forced VPN Connection with GlobalProtect
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-05-2013 05:34 AM
Is it possible to force a VPN Connection so the client can only use wifi or ethernet if he is in the office or has a active VPN Connection?
Labels:
- Labels:
-
Networking
12 REPLIES 12
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-14-2013 12:58 AM
Hi,
I think that with Global protect pre logon connexion + internal detection gateway detection, it should work.
If user is at home, GP agent will try to contact corp portal and create VPN connexion as soon as the laptop is started.
block the split tunneling (route 0.0.0.0/0 through VPN)
after that, on corp PA, create rule based on user, group, app ....
Mean all traffic have to go through vpn.
Hope help
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-14-2013 01:06 AM
If a user is at home, and for some reason, the VPN with HQ does NOT come up (for whatever reason), there is no way to prevent him to access the internet using his local internet line.
(The GlobalProtect client does not enforce a security policy on the local PC)
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-18-2013 04:52 AM
What happens in the following situation:
1) Client goes home and connects via wireless to his wifi network at home
2) GP automatically establishes a VPN to the office and sets the GP tunnel as the default route (0.0.0.0/0 -> GP tunnel)
3) Client now connects a 3G dongle to his laptop and establishes a 3G connection. The 3G connection now installs a 0.0.0.0/0 -> 3G
This would allow the client to access the internet without going via GP?
Related Content
- Brute Force GlobalProtect Portal via GP app in Custom Signatures
- Global Protect multiple VPN and multiple authentication methods in General Topics
- Checking if GlobalProtect status is active (connected) via script or command line in GlobalProtect Discussions
- GlobalProtect Multiple Profile in General Topics
- GlobalProtect is not authenticating via SAML while connecting via MAC-OS in GlobalProtect Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks