05-12-2010 10:55 AM
I was looking at the new specs for the 4.0 code of the iPhone OS, and saw that they were opening up the SSL VPN function to Juniper and Cisco.
Any chance Palo Alto is working on a NetConnect app for the iPhone?
11-07-2011 12:02 AM
Dosn't work for me.
Tunnel Gateway Adapter must be the loopback device? Can't I use directly the external device? Also in the Cetificate can't I not use directly the official IP on the external interface?
11-07-2011 04:09 AM
For troubleshooting I tried the global protect portal.
on a inside interface it is working on a external interface it is not working.
I see the deny in the monitor, but when i create a access rules i don't see the allow on that interface.
11-07-2011 05:58 AM
I added a second ip to the interface and used this for the global protect portal. The Ceritificate Page in the browser is popping up now, but then it keep in the waiting state. No login page to the portal.
Why is it not working with the primary ip in the interface?? I don't have any nat on that port on this ip.
11-07-2011 07:30 AM
Tested in on a other firewall and it works there....
Somehow I can't use the external interface on the pa2050 for ipsec / SSLVPN. Are there any reason why this is the case?
Also how should we proceed if port 443 is allready occupied with a nat rule?
11-07-2011 09:47 AM
Anyone tried connecting an Android device yet?
11-07-2011 02:56 PM
@toddnva:
I have been looking for an Android client that does not require rooting the device. At this point in time I have not found one. If you are aware of one I will happily test in my lab and make sure the results are made available to our entire community.
-Benjamin
11-08-2011 03:19 AM
Android OS 4 (ice cream thingy) will have support for IPSEC VPNs. Lets hope the developers get their act together and have an IPSEC client created for it's release which should be sometime in November. Until this happens I don't know of any other way of getting a legitimate droid device VPN'ing through the PA.
Rod
11-08-2011 05:39 AM
When PAN first told me about supporting iOS, they said it should also work with Android, but wouldn't initially be officially supported. I guess not... Hopefully ICS will support it.
11-16-2011 12:04 PM
Is there a Windows client that supports this as well?
11-16-2011 03:36 PM
@toddinva:
Windows support for SSL VPN on PAN-OS has existed for some time. 4.1 PAN-OS converts NetConnect to GlobalProtect on the Windows client side.
-Benjamin
11-17-2011 06:39 AM
I realize that. I was just thinking that there have been instances where the NetConnect client didn't work right and using another client might be beneficial. I haven't used the GlobalProtect client yet, so I don't know how well that one works.
12-10-2012 07:09 AM
Guys the supplicant native to Phones and IPSec in general use XAUTH, certificate authentication. We developed a solution in house that does just that, profiles for VPN and Wifi and connecting them to the PAN agent. Works on Android, Blackberry, IOS and Symbian etc. If your phone has VPN settings the XAUTH is usually the way to go. That way when they upgrade you don't need your VPN client to upgrade as well.
Same for Wifi. The key thing here is client auth certificates replace credentials such as Windows etc. General use of a single p12 per client and OSCP or a CRL makes PAN able to use the same cert for Wifi, VPN and SSL Decryption (even wired if you want to go 802.1X).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
