How to setup connection to multiple customers using Global Protect VPN Client

Reply
Highlighted
L0 Member

How to setup connection to multiple customers using Global Protect VPN Client

I have 5 different Customers that use Global Protect for VPN access.

Is there a way to have multiple settings files, or multiple instance of the Global Protect VPN client installed.

 

Did I miss something that would allow me to select from multiple Customer when using the VPN client?

 

Thanks...

 

Highlighted
Community Team Member

Hi @RubberToe,

 

This is currently not a feature.  Please reach out to your local SE and have him add your vote to the already existing feature requests for this (FR ID 3520 and ID 6137).

 

That said, the following discussion from a while ago might help you :

 

https://live.paloaltonetworks.com/t5/General-Topics/Global-Protect-Profile-Switcher/m-p/83101#M43311

 

Hope it helps !

-Kiwi

 

 

 

L3 Networker

You should be able to solve your problem by this method:

 

Logon to your FW and browse to: NETWORK >>> GLOBAL PROTECT >>> GATEWAYS

 

You can setup mutliple GlobalProtect gateways.  Each gateway has an Interface, a public IP and a unique Auethentication profile.  This should allow you to setup each client's GlobalProtect VPN and then write FW rules separately for each.

 

Another way to do it is to setup multiple VSys's to host each GlobalProtect instance. 

Highlighted
L4 Transporter

I will second @davanderson 's suggestion for the multiple gateways.  This is exactly how I'm doing things to have a general use VPN as well as a IT only VPN that will ultimately provide secure access to all of our management networks.

 

Multiple gateways also allows you to have different configurations for the network routing... our general use VPN allows for split-tunneling but the IT management VPN does not (the idea being, if you're connecting to restricted networks, I want to see and analyze ALL of your traffic for security reasons).

 

User's who have access to multiple gateways will only have the primary gateway to connect to the first time but, afterwards, they can right click on the GP icon in the system tray and the "Connect" option will now have a flyout that lists the gateways they have security permissions to connect to.  Choosing one will continue with the standard connection process.

 

The only issue is that GP sometimes forgets it's config and users have to re-connect to the primary gateway again before it will list the other gateways they have access to.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!