GP for many external clients

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GP for many external clients

L1 Bithead

Does anyone have a good solution/setup for providing external clients with VPN access?  Not regular users/company employees.

 

We need to be able to provide these external clients access to different resources internally. IE webpages, server access using RDP etc.  We would like to tie this into AD also.  I would prefer not to have to create a gateway/portal for each and every vendor/client.  Almost need a way to do some sort of mapping based on AD username or groups using one gateway/portal.

 

Thanks

 

 

3 REPLIES 3

Cyber Elite
Cyber Elite

How many is many and what blocks you using single gateway and limit access with Security Policies?

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Maybe 30-50 right now and can/will probably grow.

 

I'm new to Palo, so there might be away as you suggested single gateway, just not sure how to do it.  Any documentation etc on it? 

 

Currently we have GP setup for our employess using machine certs, AD and a few other checks.  But I don't want to touch that as it is working nicely.

 

Thanks

Hey if your internal users use cert and 3rd parties not then set up 2 gateways.

In portal config you can point users in 3rd party Active Directory group to 3rd party gateway.

Place tunnel interface of 3rd party into seperate zone to make security policy setup easier.

Allow traffic from 3rd-party-globalprotect zone only to limited destinations. Based on source user you can permit specific users to specific resources.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 2293 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!