03-20-2025 11:26 AM
I want to preface this: we are not having issues with GlobalProtect per se; rather, we are looking to limit the access to the device running GlobalProtect. We recently have seen an instance of a device running GP that was locked due to a bad actor RDPing to the public IP address of the device. We are assuming the device was connected directly to the modem or had some sort of port forwarding configured on their home network.
Is there a way to block traffic from hitting this device on the local interface when GlobalProtect is installed? We are fairly new to the Palo landscape and were asked whether or not this was a possibility.
Our firewalls are running 10.2.7-h24 and GP App is version 6.1.4-711. For the gateway configs under split tunnel we have No direct access to local network selected and a handful of networks in the exclude list (0365). We do not have "Enforce GlobalProtect connection for network access" set to no currently as it caused some issues when we were in between VPN products.
Any insight is appreciated.
03-26-2025 08:00 PM
Hi @notclarkkent ,
GlobalProtect itself doesn't have the ability to filter traffic coming into the client's local NIC from the local network/internet. The reason is that GP is primarily for securing outbound traffic via the tunnel you create to your NGFW.
I would take a look at local firewall rules for the client. If it's a Windows machine, Windows Defender can be used to block incoming traffic. If it's a Linux machine, you can use iptables/firewalld to block connections.
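
One way to apply the host-firewall suggestion from the reply above on a Windows client, added here as an example (it is not part of the thread and not Palo Alto Networks code). It assumes RDP listens on the default port 3389 and that any legitimate remote administration reaches the machine through the VPN tunnel only; the rule name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: block inbound RDP on the physical NICs only, so the rule
# does not apply to traffic arriving over the VPN tunnel adapter.

$ruleName = 'Block inbound RDP on physical adapters'   # hypothetical name

# 1. Report the state of each firewall profile. Every profile should be
#    enabled with DefaultInboundAction = Block (or NotConfigured).
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 2. Audit: enabled inbound allow rules that open port 3389, and the
#    profiles (Domain/Private/Public) each one applies to.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' } |
    Select-Object DisplayName, Profile

# 3. Physical adapters (Ethernet, Wi-Fi). Assumption: the VPN tunnel adapter
#    is virtual and therefore not returned by -Physical. Check this list
#    before continuing and confirm the tunnel adapter is not in it.
$physical = (Get-NetAdapter -Physical).Name
$physical

# 4. Explicit block rules for RDP over TCP and UDP, bound to those adapters.
#    In Windows Firewall an explicit block rule takes precedence over an
#    allow rule, so this holds even if "Remote Desktop" is allowed.
foreach ($proto in 'TCP', 'UDP') {
    $name = "$ruleName ($proto)"
    # Remove an earlier copy so the script can be re-run safely.
    Remove-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
        -Protocol $proto -LocalPort 3389 -InterfaceAlias $physical `
        -Profile Any | Out-Null
}

# 5. Verify that both rules exist and are enabled.
Get-NetFirewallRule -DisplayName "$ruleName*" |
    Select-Object DisplayName, Enabled, Action
```

For a fleet, the same block rule would normally be pushed through Group Policy or MDM rather than run per machine, since centrally managed firewall policy can override local rules.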