01-20-2023 02:32 AM
We are planning to enable SAML (Okta) authentication for GP Portal and GP GW in our environment. Below are my queries.
How do we use hostnames instead of an IP address to connect from GlobalProtect? Where is the setting to configure a domain instead of an IP address? In Cisco AnyConnect we call it an Alias. I am not sure what it is called in GlobalProtect.
Is there any example doc on setting up the Alias and also the SAML authentication that gives us info on the implementation part, please?
01-20-2023 09:14 PM
For example, if you have your Portal/Gateway on a public IP, you can also add a hostname.
For example, in the public DNS of the public domain that you manage, create a DNS record of type A against the public IP, for example:
vpnglobal.mypublicdomain.com -----> 126.96.36.199.200
That is one side.
Now, regarding the certificate you use: it must contain the domain name so that the connection is recognized correctly.
Example: a SAN-type certificate that can have the IP 188.8.131.52.200 (although many public CAs no longer allow an IP) and the hostname vpnglobal.mypublicdomain.com. If it is self-signed, the issue is similar.
Now, in the GlobalProtect config:
Go to Network/GlobalProtect/Portals/Your config, then Agent, your config, External - External Gateway, and there add your FQDN, i.e. your hostname, so that it is recognized as valid when making the connection.
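A way to check, before rollout, that the address you plan to enter as the external gateway is covered by the certificate's SAN entries. This is an added example, not part of the original reply and not Palo Alto code; it applies the usual RFC 6125-style matching that TLS clients use, which is an assumption about matching in general rather than a statement of GlobalProtect's exact behavior. The IP 203.0.113.10 and the function names are constructed for illustration.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive label match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def gateway_address_matches(address, san):
    """san: (type, value) pairs in the shape of ssl.getpeercert()['subjectAltName']."""
    target = _as_ip(address)
    if target is not None:
        # An IP address only matches an 'IP Address' SAN, never a DNS entry.
        return any(t == "IP Address" and _as_ip(v) == target for t, v in san)
    return any(t == "DNS" and _dns_match(v, address) for t, v in san)

# Constructed SAN lists (sample data, not taken from a real certificate).
SAN_BOTH = [("DNS", "vpnglobal.mypublicdomain.com"), ("IP Address", "203.0.113.10")]
SAN_HOST_ONLY = [("DNS", "vpnglobal.mypublicdomain.com")]
SAN_WILDCARD = [("DNS", "*.mypublicdomain.com")]

if __name__ == "__main__":
    for label, san in (("both", SAN_BOTH), ("host only", SAN_HOST_ONLY),
                       ("wildcard", SAN_WILDCARD)):
        for addr in ("vpnglobal.mypublicdomain.com", "203.0.113.10"):
            print(f"{label:10} {addr:30} {gateway_address_matches(addr, san)}")
```

With the host-only certificate, a gateway entry that still uses the IP fails the match, which is why the FQDN goes into the External Gateway list once the certificate carries only the hostname.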
02-14-2023 11:35 PM
Thank you Metgatz for the info.
I will work on this and update the post with the outcome.