GlobalProtect configuration problem

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GlobalProtect configuration problem

L1 Bithead

Hi,

i have configured GP for remote access, and now i want to test connectivity but the problem is when i try to connect with my web browser on https://<pub_ipaddress> i dont get download site for GP client.

One more interesting thing is that i have published this pub_ipaddress and port 443 for mail server. Can this be in the way or else?

I used GP-configuration guide for this is my 1st time.

Settings are:

- tunnel in inside zone - with local ip add

- gp gateway - basic configuration

- portal - basic configuration

- security policy -  permited all

- auth - local database

- certificates - created

- i didnt configure ike, ipsec, they are defaults

Thnx,

1 accepted solution

Accepted Solutions

L6 Presenter

Hi,

Global protect portal page can be accessed only via https on port 443. So if you have another service like a mail server running on the same ip and port combination then you have a conflict and you cannot get both of the services working. You can try the following workaround stated in the below doc where you are using the same public ip address but a different port for the global protect portal. In this situation you will nat u r public ip and a port combination to an internal ip and 443 port combination. So for example if you type https://public_ip:7000 then it will be nat'ed to internal ip and 443 port and you can configure this internal ip as the portal ip in the global protect portal configuration.

https://live.paloaltonetworks.com/docs/DOC-3457

Tx,

Sandeep T

View solution in original post

2 REPLIES 2

L6 Presenter

Hi,

Global protect portal page can be accessed only via https on port 443. So if you have another service like a mail server running on the same ip and port combination then you have a conflict and you cannot get both of the services working. You can try the following workaround stated in the below doc where you are using the same public ip address but a different port for the global protect portal. In this situation you will nat u r public ip and a port combination to an internal ip and 443 port combination. So for example if you type https://public_ip:7000 then it will be nat'ed to internal ip and 443 port and you can configure this internal ip as the portal ip in the global protect portal configuration.

https://live.paloaltonetworks.com/docs/DOC-3457

Tx,

Sandeep T

This document is a lifesaver Smiley Happy, great job. I managed to download GP client, but now when i try to connect i get not connected msg. I put my credentials and public-p:7000, thed tried public-ip, but nothing hapens.

It is confusing, do you have anything about this?

thanks in advance

  • 1 accepted solution
  • 2286 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!