GP VPN client vs native OS VPN client

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GP VPN client vs native OS VPN client

L4 Transporter

I am trying to decide whether to put global protect clients on all the users or just use the native VPN client included in the OS. Is there an advantage to using the GP client over a native client

8 REPLIES 8

L4 Transporter

Hello jprovine,

You will need to install the client in order to establish the VPN. Luckily it can be easily distributed to your users with a GPO or your users can browse to the portal, log in and download the client software with it already configured.

For more information you can check out the admin guide:

GlobalProtect Administrator's Guide 6.1 (English)

and the product site:

https://www.paloaltonetworks.com/products/technologies/globalprotect.html

Personally I have no issues with the client, its brilliant when combined with HIP checks and has clear to read debug logs if there are any issues.

thanks,

Ben

I am already using the global protect  client and know how to install it and configure it. My question was in the future on new machines is there any advantage to using the native VPN client in the OS or the palo alto global protect client

Hello

It's depends on what OS are You have.

ie. for android/iOS devices You have to buy licene to use GP client - so using native is free of charge but You can't use HIP application VPN and so on...

Regards

SLawek

Windows 7 pro, Win 8.1 and Windows 10

Did You read Mobile Security ? there is a lot of advantage of using GP - it's depends on Your needs.

For me for Windows OS GP is the best option, its free, You can use different logon serwers (AD/Radius etc) and avery user use their passwords.

With other than GP client You have to share X-ayth password for example for Linux VPN clients.

Regards

SLawek

I have done some research lately regarding Windows native VPN client support with PAN and come to conclusion that none of Windows native VPN connection methods are compatible with PAN-OS. Smiley Sad

PAN-OS (7.0) does not support L2TP, PPTP or SSTP tunnel protocols which Windows VPN client supports for remote access. However PAN-OS does support IKEv2 which Windows 7 and up also supports but none of Windows supported authentication methods for IKEv2 are compatible with current PAN-OS releases (up to 7.0).

So with Windows you are currently stuck with Global Protect client or you need some 3rd party IPsec client like Shrew Soft VPN or GreenBow VPN Client.

If someone has gotten Windows VPN IKEv2 to work with PAN-OS I would be very happy to learn how 🙂

Cheers,

Tomi

>If someone has gotten Windows VPN IKEv2 to work with PAN-OS I would be very happy to learn how 🙂

PAN OS 7.0 Smiley Happy

https://www.paloaltonetworks.com/documentation/70/pan-os/newfeaturesguide/vpn-features/ikev2-support...

gives us this functionality.

I'm on 6.1.4 so I can't test it now.

Regards

Slawek

Really I have people using the native OS client to connect via there pc and phones

  • 6605 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!