This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Global Protect and two gateway

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect and two gateway

Go to solution
_slv_
L4 Transporter

‎06-24-2013 04:29 AM

Hello

I have PA200 without licence for second GP Portal.

I did a second gateway because I thought that this should solve my problem.

I need to let access to some website to my users but with my IP address. Thease people has accounts on radius server. I did second gateway for them.

I have separate IP and SSL certyfiacate for this, separate config (different VPN network, tunnel interface, authentication profile).

But when I try to point to GP Client to use gateway2 as a portal it's complain about certificate. I know that I sould put there a portal url not gateway! - but how to tell to GP client to use second gateway?

On my first gateway are logging peopple that has accounts on ActiveDirectory or locally on PA device.

I thought of using only one gateway but then I will be unable to recognize users in security policies (create rules for users fro AD different that from Radius.)

sorry for my english ... but I hope that you undertand what I'm trying to do.

If I'm wrong - in which situation we are using more than one gateway?

With regards

Slawek

Labels:
0 Likes Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
panos
L6 Presenter
In response to _slv_

‎06-24-2013 04:47 AM

"But when I try to point to GP Client to use gateway2 as a portal it's complain about certificate"

You can't do that.every client should connect to portal first.

you need a license for 2 gateways

without license you can only use

2portals each have one gateway

View solution in original post

0 Likes Likes
7 REPLIES 7

Go to solution
panos
L6 Presenter

‎06-24-2013 04:34 AM

you configured 2 portals and 2 gateway ?

0 Likes Likes

Go to solution
_slv_
L4 Transporter
In response to panos

‎06-24-2013 04:43 AM

I configured one portal and two gateways.

0 Likes Likes

Go to solution
panos
L6 Presenter
In response to _slv_

‎06-24-2013 04:47 AM

"But when I try to point to GP Client to use gateway2 as a portal it's complain about certificate"

You can't do that.every client should connect to portal first.

you need a license for 2 gateways

without license you can only use

2portals each have one gateway

0 Likes Likes

Go to solution
kprakash
L5 Sessionator

‎06-24-2013 06:52 AM

Good Morning Slawek,

For a multiple gateway scenario, ensure that you have the multiple gateway licenses. In addition to that, the GP users when connecting to the firewalls, would always first authenticate on the portal and then to the gateway. If the users have to be authenticated via Radius, create an authentication sequence that uses both the LDAP and the Radius and use this sequence under the portal authentication, so that if the users connecting to the gateway2, cannot be authenticated via LDAP, then they can fall back to the Radius Authentication.

Once they get authenticated, they next connect to the gateway. Ensure that you are using the same Radius server for authenticating when connecting to the Gateway.

We can connect to a gateway manually. See the below link that has a video explaining the same:

https://live.paloaltonetworks.com/videos/1275

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks