Can i do Multiple user VPN and different policy to access Via VPN by global protect ?

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Can i do Multiple user VPN and different policy to access Via VPN by global protect ?

L1 Bithead

Dear All

I have Palo alto FW use function VPN .So my customer would like to do policy for VPN


User A VPN to Palo Fw just access to zone internal

User B VPN to Palo FW can access to zone DMZ only

User C VPN to Palo FW can access to All zone 

this time the all VPN User can access to all zone in FW . my customer need to change it 

thank you 



Cyber Elite
Cyber Elite


You would already have the user-id information to go through and modify your security rulebase to accomplish what you are looking to do, and you would hopefully have your VPN users segmented into their own zone to make things easier. You simply need to go through and create the security rulebase entries dictating what users (or groups) should have access to what resources, and then deny anything that they should have access to. 

It sounds like whoever configured your GlobalProtect installation simply made a general allow-all rule for these users. That generally isn't what you would want to do. 

  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!