GlobalProtect multiple gateways

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect multiple gateways

L2 Linker

Hi All,

 

Similar to a Cisco ASA tunnel-group configuration where we can have different VPN configurations using the same public IP, I wonder if similar configuration can be achived on Palo Alto. My objective would be to configure different gateways using the same public IP address, however i haven't yet grasp how can i specify which gateway to use when establishing a VPN connection.

 

Could some one explain if this can be achieved or point me to the proper documentation?

 

TIA

2 REPLIES 2

Cyber Elite
Cyber Elite

What exactly are you looking to accomplish? You can certainly have multiple different gateways on the same public IP through utilizing loopback interfaces and configuring your NAT rule base properly. There's a chance though that what you're used to using tunnel group configurations for doesn't require multiple gateways when it comes to PAN. 

Hi @BPry 

 

Thank you for your reply. I do need to configure a full and split tunnel on the same public ip address, in fact i was able to achieve this by specifying which users are full tunnel in the agent > client settings. However for our deployment this is not very flexible, my client wants to be able to chose which type of VPN he/she wants. My objective is then to configure on the same firewall a full and split tunnel VPN using the same gateway of multiple gateways, i am actually intregued on how i could use NAT to achive this. 

 

I was only able so far to find documentation about distributed gateways, it would be kind if you could provide some guidelines on how i could configure a full and split tunnel vpn on the same firewall or to point me out to proper documentation that i can read about. 

 

TIA

  • 1758 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!