09-09-2015 03:40 AM
09-09-2015 03:47 AM
It's a very bad idea.
If you really want mgmt access directly from WAN, put a management profile on some other L3 interface connected to WAN and restrict access within the management profile and with firewall rules. This way you can also put security profiles on this rule, zone protection etc.
09-09-2015 06:47 AM
Hi Huddlebuy,
Personally I like to set up GlobalProtect for businesses which require remote management to the PA firewalls, as you get a single free portal and gateway license prior to version 7 (Portal license is free).
Set up GlobalProtect and enable HTTPS and/or SSH in an interface management profile and add it to the GlobalProtect Tunnel Interface.
Hope this helps.
regards,
Ben
09-09-2015 11:35 AM
I'd go a step further and restrict access for a specific set of IPs or Networks.
09-14-2015 12:33 AM
Yeah, for normal everyday access to the firewall, VPN client and accessing the mgmt interface in LAN is the way to go. But access directly from WAN is typically needed when something is wrong with the firewall. In that case GP might not be working and you won't be able to use such access. Then a mgmt access to WAN is needed but should only be allowed from a few IPs.
09-14-2015 10:14 AM
Thanks guys; will be configuring it behind a firewall on the OOBM link.
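The replies above recommend an interface management profile restricted to a few source IPs. The following check is an added example, not part of the thread or any vendor tooling: it lists profiles that enable admin services with no permitted-IP entries, along with the interfaces they are bound to. The XML sample is constructed, and its element names are assumed to follow the layout of an exported PAN-OS configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Element names are an assumption
# modelled on the PAN-OS XML configuration layout.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><network>
  <profiles><interface-management-profile>
    <entry name="wan-mgmt-open"><https>yes</https><ssh>yes</ssh></entry>
    <entry name="wan-mgmt-restricted"><https>yes</https>
      <permitted-ip><entry name="203.0.113.10"/><entry name="198.51.100.0/28"/></permitted-ip>
    </entry>
    <entry name="ping-only"><ping>yes</ping></entry>
  </interface-management-profile></profiles>
  <interface><ethernet>
    <entry name="ethernet1/1"><layer3>
      <interface-management-profile>wan-mgmt-open</interface-management-profile>
    </layer3></entry>
    <entry name="ethernet1/2"><layer3>
      <interface-management-profile>wan-mgmt-restricted</interface-management-profile>
    </layer3></entry>
  </ethernet></interface>
</network></entry></devices></config>
"""

ADMIN_SERVICES = ("https", "http", "ssh", "telnet")


def audit_mgmt_profiles(xml_text):
    """Return findings for profiles that expose admin services to any source."""
    root = ET.fromstring(xml_text)
    bound = {}  # profile name -> interfaces that reference it
    for iface in root.iter("entry"):
        ref = iface.find("./layer3/interface-management-profile")
        if ref is not None and ref.text:
            bound.setdefault(ref.text.strip(), []).append(iface.get("name"))
    findings = []
    # Profile definitions have <entry> children; interface references do not.
    for prof in root.findall(".//interface-management-profile/entry"):
        services = [s for s in ADMIN_SERVICES if prof.findtext(s) == "yes"]
        permitted = [e.get("name") for e in prof.findall("./permitted-ip/entry")]
        if services and not permitted:
            findings.append({"profile": prof.get("name"), "services": services,
                             "interfaces": bound.get(prof.get("name"), [])})
    return findings

if __name__ == "__main__":
    print(audit_mgmt_profiles(SAMPLE_CONFIG))
```

A profile with no permitted-IP list is reported even when no interface references it, so unused but permissive profiles are caught before they are attached.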