GlobalProtect Multiple Portal Support

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect Multiple Portal Support

L1 Bithead

I have  GlobalProtect 4.1.3-8 and durning the install I added to portails and there is now a portal selection at the bottom but ater make a connection it is always grey and I see no wat to log out of the current connection.

 

This is on a Windows 7 install so I'm guessing it works in Windows 10 or I'm missing a disconect option someplace. ???

1 accepted solution

Accepted Solutions

HKEY_CURRENT_USER\Software\Palo Alto Networks\GlobalProtect\Settings      

the key is LastUrl

 

 

 

View solution in original post

11 REPLIES 11

L7 Applicator

You may be guessing wrong, i would check the portal app settings on the firewall to see if you are allowed to do what you hope to do.

 

you may be set to always on and denied change portal address, this will overide any previous settings on connection.

So I’m a user of the client software and need to connect more than one customer and customer A can block me from connecting to customer B or anyone else? I have to uninstall and reinstall to connect another portal? Seems kinda odd. 😞 Not sure why they would do this as customer A itself has more than one portal for their organization. ???

 

" i would check the portal app settings on the firewall " The Windows firewall? I only have the client.

" i would check the portal app settings on the firewall " The Windows firewall? I only have the client.

 

no sorry, the palo alto firewall you are connecting to...

the GP settings are under  Device\Network\Portal\Agent\Configs\App

 

we have 6 portals and all are set to deny users changing portal address.(prevent users tamporing)

 

however, our 7th one is for 3rd party support and this allows them to change portals.

 

so perhaps the PA administrator is not aware of the issue he is causing and could create a seperate config on the same portal to allow you to change addresses.

if you need further advice on this then no problem but you of course will not be able to modify the PA settings.

 

Also... it is not uncommon to use a seperate VM for different VPN's.

 

 

also2.   if you need to connect to other URL's then simply have a reg key on your desktop to change portal in the registry but you will need to restart the PANGps service to swap...

 

 

Not sure how this stops tampering. I can see an over the top IT department wanting it but not really stopping anything. Oh well.

 

That sounds loads better than keeping a number of VMs going or reinstalling. I do use a VM for my various VPN connections and was hoping to not have to make more.

 

Just search the registry for the portal address?

 

Thanks for the info.

L1 Bithead

P.S. I terribly miss Mr. David Robert Jones. 😞

 

Aside from enjoying his music, in every interview I saw of him, he seemed like a nice guy.

HKEY_CURRENT_USER\Software\Palo Alto Networks\GlobalProtect\Settings      

the key is LastUrl

 

 

 

yeah, big part of my life back in the 70's, my brother was a zillion times more of a fan and i lost him last year so me little piccy is a tribute to him aswell...

 

the tampering thing...

 

we have over 8000 GP users and as soon as they cannot connect (usually wifi issues) they will modify the portal address cos they know best....   this would generate thousands of calls so we tie it down.

 

we also set to "always on" as we do not allow access to any other network apart from ours.

 

this is company policy so i have no say...

 

Laters...

I had found the portal folders but not that key. Thanks!

yes its not in the portal folders, its in settings.

Understood, I just meant before your last reply I’d found the folders but did not know what key I was looking for. Just exporting the Settings folder worked as the last portal used was one that allowed disconnects. Too bad they can’t just lock the portal address once added and still let people disconnect.

Thanks again.

  • 1 accepted solution
  • 14988 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!