11-22-2023 08:08 AM
I'm seeing multiple failed login attempts from China & Russia. I know I can restrict access to source countries with GP Gateway which I'm currently doing but how can I do this with the Global Protect Portal?
11-22-2023 11:41 PM
Hi,
The Region configuration is under the GP portal; I'm guessing that you meant that you want to configure the region under the gateway?
You can configure a policy rule for the gateway to not allow traffic from certain countries.
The region configuration under portals->agent-external is not enabling any users from those chosen countries to connect to the portal.
Hope that I made things clear; I'm here for more questions.
thank you.
11-27-2023 09:39 AM - edited 11-27-2023 09:39 AM
Hi, no, what I'm asking about is restricting the web portal for the GP Portal based on source location. So far I've just disabled Portal Login Page found under Network > GlobalProtect > Portals > General > Appearance. I'm already doing geographic restrictions from the portal to the GlobalProtect Gateways. I do like to have the Portal Login Page enabled just for testing and allowing for vendors to grab our latest Global Protect Agent.
11-27-2023 11:23 AM - edited 11-28-2023 09:14 AM
Hi @bpotter98 ,
Traffic from the untrust zone to the interface in the same untrust zone is allowed by the intrazone-default rule. The easiest way to solve your problem is to create a drop rule (which will be above intrazone-default) that will drop all countries you do not want.
Rule Type: intrazone
Source Zone: Untrust
Source Address: List the countries you want to allow and check Negate.
Destination Address: Portal IP (could also be any if you want to block for all public IP addresses)
Application: Any
Service/URL Category: Any
Action: Drop
You can choose not to log if you don't want the clutter, but you may need to enable for troubleshooting.
Thanks,
Tom
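
Added example, not part of the thread and not Palo Alto code: a simplified Python model of top-down, first-match rule evaluation, showing why the negated-source drop rule described above has to sit above intrazone-default and how the destination setting scopes it. The rule name, portal IP, allowed countries, and the assumption that the source country is already resolved are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src_regions: frozenset  # country codes listed in Source Address
    negate_source: bool     # the "Negate" checkbox
    dst_addr: str           # "any" or a single IP
    action: str             # "allow" or "drop"

    def matches(self, src_zone, dst_zone, src_region, dst_addr):
        if (self.src_zone, self.dst_zone) != (src_zone, dst_zone):
            return False
        if self.dst_addr not in ("any", dst_addr):
            return False
        listed = src_region in self.src_regions
        # With Negate checked, the rule matches every source NOT in the list.
        return not listed if self.negate_source else listed


def evaluate(rules, src_zone, dst_zone, src_region, dst_addr):
    """Return (rule_name, action) of the first matching rule, top-down."""
    for rule in rules:
        if rule.matches(src_zone, dst_zone, src_region, dst_addr):
            return rule.name, rule.action
    # Implicit rules at the bottom of the rulebase.
    if src_zone == dst_zone:
        return "intrazone-default", "allow"
    return "interzone-default", "deny"


PORTAL_IP = "203.0.113.10"         # constructed (documentation range)
ALLOWED = frozenset({"US", "CA"})  # constructed allow-list
GEO_DROP = Rule("portal-geo-drop", "Untrust", "Untrust",
                ALLOWED, True, PORTAL_IP, "drop")


def portal_verdict(rules, src_region):
    """Verdict for traffic from the internet to the portal's public IP."""
    return evaluate(rules, "Untrust", "Untrust", src_region, PORTAL_IP)


if __name__ == "__main__":
    for label, rules in (("no geo rule", []), ("with geo rule", [GEO_DROP])):
        for region in ("US", "CN"):
            print(label, region, portal_verdict(rules, region))
```
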
11-28-2023 09:18 AM
I will give that a try. Thank you!