Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Global Protect's lack of connection profiles is making everyone at my company very sad

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Global Protect's lack of connection profiles is making everyone at my company very sad

L1 Bithead

We're in a situation where we have mutliple PA firewalls deployed and many of them have their own GP SSL VPN set up (e.g. Manangement range, lab, severeal different customer "islands").  The lack of "connection profiles" within the GP Client is a real pain point for us.  We've talked to our client reps about this several times, including making a feature request, and have never gotten any sort of plan or road map.  AnyConnect, Pulse Secure, even VMware NSX's SSL VPN client all support multiple connection profiles.  Is this a problem for anyone else?  If so, please chime in.  I'm sure this is not an insignificant change to the GP client, but in my view it is sorely needed.  

5 REPLIES 5

L0 Member

This is also a big pain point for me and anyone that i mention also scratches their head about why something so basic has not there out of the box, or not even added yet.

L7 Applicator

Have you looked into the "Multiple Gateway" configuration?

 - https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/globalprot...

 

In the GP Portal configuration, you can provide a long list of potential gateways that your clients can connect to (Management, Lab, Customer1, Customer2, etc.).  You can mark them as "manual", and any time a user needs to connect to the "Lab" network, they right-click the GP agent, go to the Connect screen, and select the specific gateway that they're interested in.  

We'd have to configure multiple potential gatways under each portal, which is not scalable.  There is a 1:1 relationship between portal and gateway for us.  We just need a client where we can configure multiple portals and be able to choose between them. Every other VPN client I use does this. Just sayin'.

definitely have to agree, we have portals with different configurations and would be nice to have just one portal, which would give them all the configuration they need and control their experience as necessary.

L0 Member

Hi all,

 

Just bumping this thread up. I have actually built a Windows App that will let you capture and then switch between Global Protect portals at the click of a button. 

 

Feedback so far has been positive, and as I originally suspected when building it, it is mainly VAR/MSP space that are finding it extremely useful (for obvious reasons of employees in that space having a million and one different firewalls to VPN to).

 

I'm currently running 2.3.3-5 GP Client on my machine, but I've used it on varying versions and it's always worked. I just tested it on 3.0.2-9 and it works too.

 

I'll start a new thread over the weekend with a link and details to it, I would do that now but I've had a few feature enhancement requests that I'm going to chuck in (mainly switches to the app so that you can script/use it with other third party software like Remote Desktop Connection Manager or RoyalTS), so stay tuned for more updates if you're interested. 

 

Unforutnatley, I'm not a Mac developer so it's only a Windows App, but if there is anyone out there that would like to discuss creating the Mac equivilant, then I'm happy to discuss in detail the methods I use for the Windows app, and we can try and work out the Mac eqvuiliant.

 

Cheers

  • 6268 Views
  • 5 replies
  • 4 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!