SSL VPN and iPhone OS 4.0

Showing results for 
Search instead for 
Did you mean: 

SSL VPN and iPhone OS 4.0

L4 Transporter

I was looking at the new specs for the 4.0 code of the iPhone OS, and saw that they were opening up the SSL VPN function to Juniper and Cisco.

Any chance Palo Alto is working on a NetConnect app for the iPhone?


They've intergrated GlobalProtect and NetConnect now. I would read over the 4.1 release notes. That should clear up and questions.

is there a howto? I don't get the portal up....i must miss something.

I need classic SSL VPN with OS4.1 and IPsec XAuth

I'll be setting it up the same way.  I'm going to wait at least a couple of weeks before installing 4.1 though.  Been burned too many times lately...

A tech note detailing the steps for iOS connectivity is now posted in the tech docs section. Take a look and feel free to post if you run into issues.

Tech Docs


Got this set up and working today. No problems at all and quite easy to set up. now connecting via my iPad VPN clinet to my network. All good.

Dosn't work for me.

Tunnel Gateway Adapter must be the loopback device? Can't I use directly the external device? Also in the Cetificate can't I not use directly the official IP on the external interface?


You can use your external address. I've attached a screenshot of the common components for the PA/IOS VPN.


For troubleshooting I tried the global protect portal.

on a inside interface it is working on a external interface it is not working.

I see the deny in the monitor, but when i create a access rules i don't see the allow on that interface.

I added a second ip to the interface and used this for the global protect portal. The Ceritificate Page in the browser is popping up now, but then it keep in the waiting state. No login page to the portal.

Why is it not working with the primary ip in the interface?? I don't have any nat on that port on this ip.

Tested in on a other firewall and it works there....

Somehow I can't use the external interface on the pa2050 for ipsec / SSLVPN. Are there any reason why this is the case?

Also how should we proceed if port 443 is allready occupied with a nat rule?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!