As the title, is this physically possible?
Long story short, have a requirement to connect remotely to a company users laptop, which is connected to GlobalProtect VPN... via remote desktop from another pc on the same companys LAN
Have attempted to connect from a pc on the company LAN to a user working from home who is connected to GlobalProtect VPN to no avail
As far as the users setup is conerned, port forwarding is configured to forward incoming RDP connections to there fixed IP laptop.
Can remote into the laptop from the same network, so know that it can physically except RDP connections but fail when connecting from a company LAN to vpn connected laptop
Can someone advise
a) If this is possible?
b) If so, how to configure to allow said connection?
This is the million dollar question... how does one check this? RDP traffic on port 3389 is allowed within the company.... but whats messing with my head is how to check if our domain / WAN will allow traffic to GlobalProtect connected clients...
Is there anyway to quickly check?
Logon to your PAN Device and check if there is a Security Rule Allowing Traffic (Policies Tab --> Security) from your TrustedZone/Lan to GlobalprotectZone application ms-rdp if not create a rule and commit.
Also you can check the traffic logs on the PAN Device under the Monitor Tab.
Hope this helps..
Im a bit confused with your rdp method.
you mentioned port forwarding which suggests that you are connecting to the users Given ISP address.
you should be able to connect if you follow the advice of @Alex_Gomez but not via the users isp but via the users ip address given by the palo alto gateway setting.
The setting that you are looking for is "User Switch Tunnel Rename Timeout"
which can be found at: Network > GlobalProtect > Portal > [portal_conf] > Agent > App -> User Switch Tunnel Rename Timeout
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!