PA-200 with DHCP assigned Internet IP and GlobalProtect using self signed certs


Hello everyone, I'm trying to find a how-to or config guide on how to configure a PA-200 that has 2 interfaces configured, eth1/1 and eth1/2, running PANOS v5.0.8. I downloaded and activated the 1.2.7 GP client on the PA-200.

eth1/1 is in the untrust zone and set up with an IP using DHCP from the ISP

eth1/2 is in trust zone and setup with

I would like to set up GP on this device with self-signed certs for the ca-root and cert to use for GP. The eth1/1 interface (internet) is set up with DDNS, so the FQDN is resolvable to the DHCP-assigned IP from outside.

I tried to follow the typical "how to setup gp" docs from the PA KB site, checked out some videos on the PA support site, and saw some other docs about GP and dual ISP etc., but can't find a comprehensive doc that explains what I am trying to do. Any help would be appreciated. Thank you,




This setup should be no different from a regular GP gateway and Portal configuration, even with the gateway L3 interface in DHCP mode. What issue do you see when you configure this?




VinceM, I cannot find this Quick start Guide Global Protect V2 on the PA Support site. I found one but it's in Japanese.

apasupulati, I read this document and it's got some good info, yet not complete info. I also read the and it's also a good doc, but most of its screenshots are for 4.x and the document is still missing complete instructions.

The issue I have is that I have followed all these documents and, to my knowledge, configured everything the way it should be, but yet when I try to access the external IP of my firewall I don't get the portal page, and port 443 on the external interface is not responding to any port checks.

I see documents that say you have to enable an https mgmt profile on the external interface. I also see docs that say you need routing to be configured between the tunnel.1 interface and trust. I also see docs about giving the tunnel.1 doc an IP address, and there are different docs about server cert or server cert with CA on the PA box. So my problem is that there are documents all over the place, each with different info from the others. I am just trying to find out if there is a single doc or something that walks you through from head to tail on configuring GP on a small scale for user VPN access only. On top of all that, a how-to on split tunnel VPN would be a good help. Thank you
