This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

GlobalProtect access policies

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect access policies

jeffrowan
L2 Linker

‎11-01-2012 02:37 PM

If I want different GlobalProtect VPN users to have access to different resources, do I need to create separate Gateways and have the GP license?

1 person had this problem.
Labels:
0 Likes Likes
5 REPLIES 5

sdurga
L6 Presenter

‎11-01-2012 03:12 PM

Hi Jeff,

If you need different users to access different resources then please create different separate gateways and this doesn't require a GP license.

Thanks,

Sandeep T

0 Likes Likes

jeffrowan
L2 Linker
In response to sdurga

‎11-05-2012 10:26 AM

Okay, thanks.  So when I create a separate Gateway, should I be able to select the same interface and IP address for it?  I haven't been able to do that.  It's not an available choice.  I select the same interface but am not able to use the same IP address.  Basically I want the same configuration but with a smaller group of host to which the traffic will tunnel for different groups of users.  Is there any documentation that shows this kind of  configuration?  Thanks.

0 Likes Likes

sdurga
L6 Presenter
In response to jeffrowan

‎11-05-2012 11:32 AM

This is expected. You cannot have two gateways with same IP address,you need two IP's. In your case I cannot think of anything which you can give different access to different hosts with one gateway. You can do this with two gateways but you are hitting the IP address problem with this option. 

0 Likes Likes

jeffrowan
L2 Linker
In response to sdurga

‎11-05-2012 12:05 PM

Okay, just so I'm clear about this.  I have one PAN firewall using one Untrust interface with an IP address.  The GlobalProtect VPN gateway configuration I have allows users to access an A.B.C.D/16 network on the Trust side of the firewall. 

But you're saying that there's no way to have another set of users use the GlobalProtect VPN to access a more limited set of hosts within that network, say A.B.C.D/24 or A.B.C.D/32.  Do I have that right?  Thanks again.

0 Likes Likes

sdurga
L6 Presenter
In response to jeffrowan

‎11-05-2012 08:13 PM

I missed a whole point of the users !!my bad. You can do it with source users.

Create a Global protect gateway allow a A.B.C.D/16 network for all users.

Now create security policies based on users and in security policies you can allow certain users to reach certain hosts.

  • 3764 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks