09-02-2025 07:35 AM
Trying to setup GP for a scenario. One large org, multiple entities/departments that will require different policies, HIP checks, some will be manual connection, some will be always on.
The requirements that we would like to have are:
1 URL for all users to type in a browser to download client if need be, and same URL to be the entry for their client.
I have tried one portal and one gateway with multiple agent configs but the HIP checks are the blockers as it seems you cannot have HIP check messages per agent config or per AD user group.
How are others achieving this?
We do not want endpoints that are different, for example, dept1@domain.com, dept2@domain.com
for the GP gateways.
09-02-2025 09:45 AM
You can have 1 portal (so 1 URL / portal address to access).
Different gateway configs are given to users in different AD groups.
Different gateways present different HIP notifications to users.
09-02-2025 10:32 AM
BUT each gateway requires separate external IP/URL and interface correct?
09-03-2025 08:42 AM
Ideally yes.
It is also possible to run them on different internal interfaces.
Different external ports dnatted to different internal gateway IPs like example below.
vpn.mycompany.com:6443 > 10.0.0.1:443
vpn.mycompany.com:7443 > 10.0.1.1:443
Issue is that then you can probably do SSL-VPN only (more overhead, more sensitive to packet loss) as I am not aware capability to run IPSec (UDP/4501) on alternate port externally.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
