05-16-2017 05:46 AM
Does anyone have a good solution/setup for providing external clients with VPN access? Not regular users/company employees.
We need to be able to provide these external clients access to different resources internally. IE webpages, server access using RDP etc. We would like to tie this into AD also. I would prefer not to have to create a gateway/portal for each and every vendor/client. Almost need a way to do some sort of mapping based on AD username or groups using one gateway/portal.
Thanks
05-16-2017 05:51 AM
How many is many and what blocks you using single gateway and limit access with Security Policies?
05-16-2017 06:56 AM
Maybe 30-50 right now and can/will probably grow.
I'm new to Palo, so there might be away as you suggested single gateway, just not sure how to do it. Any documentation etc on it?
Currently we have GP setup for our employess using machine certs, AD and a few other checks. But I don't want to touch that as it is working nicely.
Thanks
05-16-2017 10:45 AM
Hey if your internal users use cert and 3rd parties not then set up 2 gateways.
In portal config you can point users in 3rd party Active Directory group to 3rd party gateway.
Place tunnel interface of 3rd party into seperate zone to make security policy setup easier.
Allow traffic from 3rd-party-globalprotect zone only to limited destinations. Based on source user you can permit specific users to specific resources.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
