Restricting Global protect VPN access to specific countries

Reply
Highlighted
L1 Bithead

Restricting Global protect VPN access to specific countries

How to configure Global Protect vpn users to access from only specific countries ?


Accepted Solutions
Highlighted
L7 Applicator

Re: Restricting Global protect VPN access to specific countries

also... in version 8.something you can offer gateways dependant on what country the user is connecting from...

 

network/portal/agent/configs/external

 

this is the help link...

 

Source Region—Source region for client devices. When users connect, GlobalProtect recognizes the device region and only allows users to connect to gateways that are configured for that region. For gateway choices, source region is considered first, then gateway priority.

 

 

View solution in original post


All Replies
Highlighted
L4 Transporter

Re: Restricting Global protect VPN access to specific countries

You can create an inbound VPN security policy that is only allowing from those geographical regions, the firewall has built-in regions that you can choose from or you can define your own

 

On my lab device I have it setup to do this. depending on your topology/config it may vary but should be easily accomplished and you can narrow it down to the layer 7 specific apps as well

Highlighted
L7 Applicator

Re: Restricting Global protect VPN access to specific countries

also... in version 8.something you can offer gateways dependant on what country the user is connecting from...

 

network/portal/agent/configs/external

 

this is the help link...

 

Source Region—Source region for client devices. When users connect, GlobalProtect recognizes the device region and only allows users to connect to gateways that are configured for that region. For gateway choices, source region is considered first, then gateway priority.

 

 

View solution in original post

Highlighted
L1 Bithead

Re: Restricting Global protect VPN access to specific countries

Thank you hshawn.

Highlighted
L1 Bithead

Re: Restricting Global protect VPN access to specific countries

Thank you MickBall. I have 8.1.0 version and this is the vpn setting i was lookin for. 

Highlighted
L1 Bithead

Re: Restricting Global protect VPN access to specific countries

I tried this as shown below, but did not work as expected. Global protect can still connect from other countries. I have only one portal and one gateway.

Capture.JPG

 

Highlighted
L7 Applicator

Re: Restricting Global protect VPN access to specific countries

What happens if you remove the “Any” from region settings...

Highlighted
L1 Bithead

Re: Restricting Global protect VPN access to specific countries

same effect without "Any". i already tried this.

Highlighted
L7 Applicator

Re: Restricting Global protect VPN access to specific countries

OK worth a try.. I must admit I have never used it but I just noticed the option when was looking into gateway priority.

 

If it's causing an issue perhaps it should be logged as a fault with support.

 

going by the documentation, it should work.

 

can you confirm that your PA is deffo recognising the regions you are connecting from.

Highlighted
L1 Bithead

Re: Restricting Global protect VPN access to specific countries

In the log, source country is showing corrctly. 

Also "show location ip x.x.x.x" is showing correct country

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!