This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

GlobalProtect UI with more than 1 account

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GlobalProtect UI with more than 1 account

Go to solution
rwanwork
L1 Bithead

‎02-28-2023 06:02 AM

Hi all,

 

I'm using GlobalProtect 6.0.4.1 under Ubuntu 22.10.  I work with two separate organisations, both of whom use GlobalProtect.  So each one has a different server that I need to connect to.  After I've configured GlobalProtect with one of them, the server is listed in the window next to "Portal:".  It looks like I'm unable to change it.

 

How can I configure GlobalProtect to work with the second server so that I can switch between them as needed?

 

Thank you!

 

Ray

 

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
aleksandar.astardzhiev
Cyber Elite
Cyber Elite

‎03-01-2023 03:17 AM

Hi @rwanwork,

GlobalProtect agent support multiple portals, BUT this behavior is actually controlled by the firewall/organization you are connecting to. When you try to connect to GlobalProtect two major actions happens in the background:

1. GP agent connects and authenticates to Portal, which sends instructions and settings to the client.

2. Using these instructions GP agent authenticates and establish VPN tunnel to the gateway

 

The instructions and setting send by the portal to the agent include how the agent will behave. One of this setting forbids the user to change the portal address

Astardzhiev_0-1677669309149.png

 

I would suggest you to ask the firewall support team for this organization to make an exception for you, by creating separate GP Portal config for your user with option allowing you to change the portal address.

 

 

View solution in original post

(1)
4 REPLIES 4

Go to solution
aleksandar.astardzhiev
Cyber Elite
Cyber Elite

‎03-01-2023 03:17 AM

Hi @rwanwork,

GlobalProtect agent support multiple portals, BUT this behavior is actually controlled by the firewall/organization you are connecting to. When you try to connect to GlobalProtect two major actions happens in the background:

1. GP agent connects and authenticates to Portal, which sends instructions and settings to the client.

2. Using these instructions GP agent authenticates and establish VPN tunnel to the gateway

 

The instructions and setting send by the portal to the agent include how the agent will behave. One of this setting forbids the user to change the portal address

Astardzhiev_0-1677669309149.png

 

I would suggest you to ask the firewall support team for this organization to make an exception for you, by creating separate GP Portal config for your user with option allowing you to change the portal address.

 

 

(1)

Go to solution
rwanwork
L1 Bithead

‎03-01-2023 07:04 AM

Hi @aleksandar.astardzhiev ,

 

Thank you for your reply!  Since my original question, I've been trying to play around with it and it wasn't making sense to me.  Now that you've clarified that it's controlled by the organisation, it does reflect what I'm seeing!

 

Unfortunately, I think I'm unique in the organisation.  I mean, I'm in the situation where I'm affiliated with two organisations, both of which happen to use GlobalProtect.  I can ask, but I doubt they will make an exception for me since I'm just one out of many employees.

 

Thank you for the explanation!

 

Ray

 

0 Likes Likes

Go to solution
aleksandar.astardzhiev
Cyber Elite
Cyber Elite
In response to rwanwork

‎03-01-2023 07:17 AM

Hey @rwanwork ,

From configuration point of view it should be trivial to apply such exception.

This setting can be applied per user/user-group, so it should be easy for them to just clone the existing config, change the setting for the config and apply it only for your user (or create separate user group for other users in the future).

 

IMHO restricting the user to change the portal only make sense if your users are using corporate issues devices only for your organization.

 

Wish you good luck and hope they will agree (its the logical think to do).

Go to solution
rwanwork
L1 Bithead

‎03-01-2023 07:27 AM

Hi @aleksandar.astardzhiev ,

 

Thank you for the encouragement!  Indeed, the device in question is my own personal device.  In fact, I think most of the people in the organisation are using their own devices (it's a public university, with a majority of the population being students).

 

Hopefully they see it your way...  Thank you!

 

Ray

 

0 Likes Likes
  • 1 accepted solution
  • 1306 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks