GlobalProtect: Using an alternative port

L0 Member

Good morning.


I require a bit of assistance for deploying GlobalProtect with a twist.

 

A client of ours wishes to deploy GlobalProtect but unfortunately, they also have a web-facing application using SSL on the same ISP interface.

 

This is unfortunately causing issues since GP also makes use of 443 (SSL) and due to the DNAT rule in place for this web app, any traffic originating with application SSL is being natted to the internal web-app server.

 

I did some research and found and implemented the following:
How to Configure GlobalProtect Portal Page to be Accessed on an... - Knowledge Base - Palo Alto Netw...

 

But this did not resolve the SSL issue.

 

Therefore, it seems that there can only be either a DNAT that will point SSL traffic to the loopback of the GlobalProtect or a DNAT that will point SSL traffic to the web-app server.

 

One alternative is making use of the alternative ISP link but the client does not wish to go down that route for the time being.

 

I hope I have provided enough information.

Any ideas would be appreciated.
Thanks.

1 REPLY

Cyber Elite

@MGiusti,

Your DNAT statement for GlobalProtect wouldn't be using tcp/443 when you change the port of the portal/gateway; it'll be using whatever port you've selected that isn't already being used for your web server. How exactly are you attempting to set up your NAT statements? Sounds like something that you're setting there isn't being done properly.
