GlobalProtect : Need a VPN that separates users into different VLANs; is this possible w/o Panorama?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect : Need a VPN that separates users into different VLANs; is this possible w/o Panorama?

L0 Member

I need my client VPN to support different vlans based upon authentication to either Microsoft NPS or LDAP groups.
I want a different vlan/IP assigned to the user depending on which group in Active Directory they are in.

Is this configuration possible without purchasing Panorama? 

Thanks!

1 REPLY 1

L2 Linker

Hi!

 

In the Gateway configuraiton, you can assign the client configuration to apply specifically to a group of users. In the client configuartion, you can choose the IP pool and the access route.

 

Network > GlobalProtect > Gateways > Agent > Client Settings

 

User/User Group tab
Specify the user or user group and client operating system to which this agent configuration applies.
User/User Group
Add a specific user or user group to which this configuration applies.
Note: You must configure group mapping (Device > User Identification > Group Mapping Settings) before you can select users and groups.
You can also create configurations that are deployed to agents or apps in pre-logonmode (before the user logs in to the endpoint) or configurations to deploy to anyuser.

Furthermore, when the user connects to GlobalProtect, the firewall will save the user to IP mapping, you can simply configure security policies based on the user group.

 

I'm not sure how Panorama is relevant here, you can do the above with or without Panorama.

 

Hope it helps.

 

Best regards,

Haytham

__________
Thank You Mario! But Our Princess is in Another Castle!
  • 3601 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!