This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Is it possible to force a specific user to use SSL over IPSEC to setup a tunnel to Globalprotect

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience.

Is it possible to force a specific user to use SSL over IPSEC to setup a tunnel to Globalprotect

DaxVC
L2 Linker

‎07-16-2019 06:47 AM - edited ‎07-16-2019 06:51 AM

One user of our company has an issue connection to the GlobalProtect Gateway using IPSEC, but there is also no fallback to SSL.

His ISP carrier is using "Carrier Grade NAT" and this is likely the cause of his issue.

 

I know that we can force SSL connections on the Gateway, but this is a global setting and will be affecting all users, I just want this specific user to use SSL instead of IPSEC....( is there a client side setting allowing this ?)

2 people had this problem.
0 Likes Likes
4 REPLIES 4

Mick_Ball
L7 Applicator

‎07-16-2019 01:20 PM - edited ‎07-16-2019 01:21 PM

Hmmmm.... yes and no... or no and yes...

We have a similar issue and the easy answer to you question is “NO”.

 

however... we are quite fortunate in having gateway subscription and plenty of ip’s to hand... so we have a portal config that uses gateways for ssl only..

 

probably not what you are after but there is no other option as ipsec is a global setting per gateway.

 

How  many gateways do you have.. you could just make a couple of them ssl only..... do you prefer ipsec to ssl? If not then remove ipsec altogether....

 

HTH.

 

DaxVC
L2 Linker
In response to Mick_Ball

‎07-16-2019 10:55 PM

Thanks for the clear answer.

 

We also have plenty of IP's left but we are not goign to waste these precious IP's for a solution for only 1 user at this moment 🙂

We will figure something out...( block IPSEC traffic on the client forcing to use SSL instead or so )

0 Likes Likes

engmohamin
L0 Member
In response to DaxVC

‎09-14-2021 02:00 AM

Hi

How can I block IPSEC traffic on the my windows 10 to force client to use SSL

Thanks 

0 Likes Likes

panos
L6 Presenter

‎09-14-2021 06:03 AM

Hi,

I think you do not need to do this on client

There is an option in global protect portal / agent/ rule (which you can write a rule for specific user) - apps tab  - Connect with SSL Only

Make this yes for only this user

 

Regards

0 Likes Likes
  • 8647 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks