GlobalProtect setup frustration

cancel
Showing results for 
Search instead for 
Did you mean: 

GlobalProtect setup frustration

L3 Networker

Hello -

Originally, I was going to setup GP with RSA MFA using this document: "RSA SECURID® ACCESS Implementation Guide Palo Alto Networks Next Gen Firewall 8.0"

 

It is written by RSA and is woefully lacking in detail and after seven hours on the phone with Palo support I decided to abandon that idea for now.

 

At this point I'd just like to get GP working in any capacity, but I can't seem to find any documentation that speak to what I need.  I understand that everyone's cirumstances are different and documentation would be tough to write for every unique situation.  That's why I'm hoping someone is willing to get out the coloring book and crayons to help walk me though this.

 

I'd like to have an external only VPN (just about every Google search come up with either Internal only or internal/external combo setups). Portal and gateway on same device.

 

I'm fairly certain that my main issue is with step one, the configuration of the Interface.  I'm trying to follow this: https://docs.paloaltonetworks.com/globalprotect/8-0/globalprotect-admin/get-started/create-interface... but clearly not having much luck.

 

Ethernet Internet setup like this:

Interface  Type  Mgt Profile   IP Address    VR   Security Zone

eth1/1      L3      Allow-ping   Routable.10/24   vr1   Outside

 

I have another routable.20/32 for GP.

 

What's the best way to get started.  Remember, coloring book and crayons.  You're not going to offend me.

23 REPLIES 23

Nice one @Shawverr .....

 

Next!

@MickBall LOL!!  Thanks.  Next is trying to get RSA Authenticate to work.  Basically, after I enter my username and password on the client, I want a push notification to come to my phone, I click the "approve" and then I get into the VPN. 

Ok, good luck, i do have a working config for rsa fobs but thats just a radius config. I will watch out for further woes....  laters....

I actually got it to work, I thought about what you said @MickBall and opted to give that (Radius) a go, but from the RSA Cloud Administration Console (CAC).

 

In case anyone ever comes across this post:

Here is how you configure the CAC for Radius:

https://community.rsa.com/docs/DOC-75847

 

From there, just follow the usual Palo Radius addition.

 

What this gives you is from :20 through minute 1:15 of this video: https://www.youtube.com/watch?v=765nH8if-9Q

 

Big thank you to Sean Martin from Palo Tech Support.  He scheduled a call with me everyday for like a week and a half until we worked through all the issues.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!