06-24-2013 04:29 AM
Hello
I have a PA200 without a licence for a second GP Portal.
I set up a second gateway because I thought that this should solve my problem.
I need to give my users access to some website, but with my IP address. These people have accounts on a Radius server. I set up the second gateway for them.
I have a separate IP and SSL certificate for this, and a separate config (different VPN network, tunnel interface, authentication profile).
But when I try to point the GP Client to use gateway2 as a portal, it complains about the certificate. I know that I should put a portal URL there, not a gateway! But how do I tell the GP client to use the second gateway?
People who have accounts in Active Directory or locally on the PA device log in on my first gateway.
I thought of using only one gateway, but then I will be unable to recognize users in security policies (create rules for users from AD different than from Radius).
Sorry for my English ... but I hope that you understand what I'm trying to do.
If I'm wrong - in which situation are we using more than one gateway?
With regards
Slawek
06-24-2013 04:34 AM
You configured 2 portals and 2 gateways?
06-24-2013 04:43 AM
I configured one portal and two gateways.
06-24-2013 04:47 AM
"But when I try to point to GP Client to use gateway2 as a portal it's complain about certificate"
You can't do that. Every client should connect to the portal first.
You need a license for 2 gateways.
Without a license you can only use 2 portals, each with one gateway.
06-24-2013 06:52 AM
Good Morning Slawek,
For a multiple-gateway scenario, ensure that you have the multiple gateway licenses. In addition to that, GP users connecting to the firewalls always authenticate first on the portal and then to the gateway. If the users have to be authenticated via Radius, create an authentication sequence that uses both LDAP and Radius and use this sequence under the portal authentication, so that if the users connecting to gateway2 cannot be authenticated via LDAP, they can fall back to Radius authentication.
Once they get authenticated, they next connect to the gateway. Ensure that you are using the same Radius server for authenticating when connecting to the Gateway.
We can connect to a gateway manually. See the below link that has a video explaining the same: