GlobalProtect UI with more than 1 account

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect UI with more than 1 account

L1 Bithead

Hi all,

 

I'm using GlobalProtect 6.0.4.1 under Ubuntu 22.10.  I work with two separate organisations, both of whom use GlobalProtect.  So each one has a different server that I need to connect to.  After I've configured GlobalProtect with one of them, the server is listed in the window next to "Portal:".  It looks like I'm unable to change it.

 

How can I configure GlobalProtect to work with the second server so that I can switch between them as needed?

 

Thank you!

 

Ray

 

1 accepted solution

Accepted Solutions

Hi @rwanwork,

GlobalProtect agent support multiple portals, BUT this behavior is actually controlled by the firewall/organization you are connecting to. When you try to connect to GlobalProtect two major actions happens in the background:

1. GP agent connects and authenticates to Portal, which sends instructions and settings to the client.

2. Using these instructions GP agent authenticates and establish VPN tunnel to the gateway

 

The instructions and setting send by the portal to the agent include how the agent will behave. One of this setting forbids the user to change the portal address

Astardzhiev_0-1677669309149.png

 

I would suggest you to ask the firewall support team for this organization to make an exception for you, by creating separate GP Portal config for your user with option allowing you to change the portal address.

 

 

View solution in original post

4 REPLIES 4

Hi @rwanwork,

GlobalProtect agent support multiple portals, BUT this behavior is actually controlled by the firewall/organization you are connecting to. When you try to connect to GlobalProtect two major actions happens in the background:

1. GP agent connects and authenticates to Portal, which sends instructions and settings to the client.

2. Using these instructions GP agent authenticates and establish VPN tunnel to the gateway

 

The instructions and setting send by the portal to the agent include how the agent will behave. One of this setting forbids the user to change the portal address

Astardzhiev_0-1677669309149.png

 

I would suggest you to ask the firewall support team for this organization to make an exception for you, by creating separate GP Portal config for your user with option allowing you to change the portal address.

 

 

L1 Bithead

Hi @aleksandar.astardzhiev ,

 

Thank you for your reply!  Since my original question, I've been trying to play around with it and it wasn't making sense to me.  Now that you've clarified that it's controlled by the organisation, it does reflect what I'm seeing!

 

Unfortunately, I think I'm unique in the organisation.  I mean, I'm in the situation where I'm affiliated with two organisations, both of which happen to use GlobalProtect.  I can ask, but I doubt they will make an exception for me since I'm just one out of many employees.

 

Thank you for the explanation!

 

Ray

 

Hey @rwanwork ,

From configuration point of view it should be trivial to apply such exception.

This setting can be applied per user/user-group, so it should be easy for them to just clone the existing config, change the setting for the config and apply it only for your user (or create separate user group for other users in the future).

 

IMHO restricting the user to change the portal only make sense if your users are using corporate issues devices only for your organization.

 

Wish you good luck and hope they will agree (its the logical think to do).

L1 Bithead

Hi @aleksandar.astardzhiev ,

 

Thank you for the encouragement!  Indeed, the device in question is my own personal device.  In fact, I think most of the people in the organisation are using their own devices (it's a public university, with a majority of the population being students).

 

Hopefully they see it your way...  Thank you!

 

Ray

 

  • 1 accepted solution
  • 1740 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!