This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

SAML Authentication for GP Portal and GP GW

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

SAML Authentication for GP Portal and GP GW

Sanjay_Ramaiah
L4 Transporter

‎01-20-2023 02:32 AM

Hi All,

We are planning to enable SAML(OKTA) authentication for GP Portal and GP GW in our environment. Below are my queries.

How to use the Hostnames instead of IP address to connect from the GlobalProtect. Where is the settings to configure a domain instead of IP address. In Cisco Anyconnect we call it as Alias. Not sure what we call in GlobalProtect.

Any example doc setting up the Alias and also the SAML authentication which gives us info on implementation part please.

Regards,

Sanjay S

0 Likes Likes
2 REPLIES 2

Metgatz
L4 Transporter

‎01-20-2023 09:14 PM

Hello @Sanjay_Ramaiah 

 

Hello @Sanjay_Ramaiah 

 

Example if you have the IP of your Portal/Gateway using the Public IP you can also add a hostname.

 

Example in your public DNS of your public domain that you manage, create a DNS record type A, against the public IP example:

vpnglobal.mypublicdomain.com -----> 200.200.200.200.200

 

This on one side:

Now regarding the certificate you use, it must be able to have the domain name to correctly recognize the connection.

 

Example: SAN type certificate:

 

that can have the IP: 200.200.200.200.200 ( although there are many public CAs that no longer allow the IP ) and the hostname vpnglobal.mypublicdomain.com. If it is self-signed the issue is similar.

 

Now in the Global Protect config:

 

You go to Network/GlobalProtect/Portals/Your config then Agent your config External - External Gateway and there you add your FQDN i.e. your hostname so that it is recognized valid when making the connection.

 

 

Regards

 

High Sticker
0 Likes Likes

Sanjay_Ramaiah
L4 Transporter
In response to Metgatz

‎02-14-2023 11:35 PM

Thank you Metgatz for the info.

I will work on this and update the post with the outcome.

Regards,

Sanjay S

0 Likes Likes
  • 975 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks