This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
GlobalProtect - blocking single user account
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- GlobalProtect - blocking single user account
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-21-2016 02:15 AM
We want to use an authentication profile that matches against a fairly generic LDAP AD group in the Allow list tab. Is there a way of creating exceptions to the allow list for blocking individual user accounts from using the service, should we need to at any stage?
5 REPLIES 5
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-26-2016 11:13 AM
Okay, then you would need to take them out of your authentification profile under the object tab. Under your LDAP/Radius/Whatever server there is an allow list under the advanced options. It might be worth making a VPN-Allow AD group and putting anyone who needs VPN access under that group, this would keep anybody that is not in that specific AD group access to the VPN gateway.
To my understanding their is no way to do a 'not' statement under this option.
Related Content
- Device Block List for GlobalProtect - where is it in v10.x? in GlobalProtect Discussions
- SSO with macOS devices in General Topics
- Global protect VPN disconnecting multiple times in GlobalProtect Discussions
- GlobalProtect UI with more than 1 account in GlobalProtect Discussions
- Azure SAML double windows to select account in GlobalProtect Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks