03-20-2025 11:26 AM
I want to preface this: we are not having issues with GlobalProtect per se; rather, we are looking to limit the access to the device running GlobalProtect. We recently have seen an instance of a device running GP that was locked due to a bad actor RDPing to the public IP address of the device. We are assuming the device was connected directly to the modem or had some sort of port forwarding configured on their home network.
Is there a way to block traffic from hitting this device on the local interface when GlobalProtect is installed? We are fairly new to the Palo landscape and were asked whether or not this was a possibility.
Our firewalls are running 10.2.7-h24 and the GP App is version 6.1.4-711. For the gateway configs under split tunnel we have "No direct access to local network" selected and a handful of networks in the exclude list (O365). We do not have "Enforce GlobalProtect connection for network access" set to no currently as it caused some issues when we were in between VPN products.
Any insight is appreciated.