SAML Authentication for GP Portal and GP GW

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SAML Authentication for GP Portal and GP GW

L2 Linker

Hi All,

We are planning to enable SAML(OKTA) authentication for GP Portal and GP GW in our environment. Below are my queries.

How to use the Hostnames instead of IP address to connect from the GlobalProtect. Where is the settings to configure a domain instead of IP address. In Cisco Anyconnect we call it as Alias. Not sure what we call in GlobalProtect.

Any example doc setting up the Alias and also the SAML authentication which gives us info on implementation part please.

Regards,

Sanjay S

1 REPLY 1

L4 Transporter

Hello @Sanjay_Ramaiah 

 

Hello @Sanjay_Ramaiah 

 

Example if you have the IP of your Portal/Gateway using the Public IP you can also add a hostname.

 

Example in your public DNS of your public domain that you manage, create a DNS record type A, against the public IP example:

vpnglobal.mypublicdomain.com -----> 200.200.200.200.200

 

This on one side:

Now regarding the certificate you use, it must be able to have the domain name to correctly recognize the connection.

 

Example: SAN type certificate:

 

that can have the IP: 200.200.200.200.200 ( although there are many public CAs that no longer allow the IP ) and the hostname vpnglobal.mypublicdomain.com. If it is self-signed the issue is similar.

 

Now in the Global Protect config:

 

You go to Network/GlobalProtect/Portals/Your config then Agent your config External - External Gateway and there you add your FQDN i.e. your hostname so that it is recognized valid when making the connection.

 

 

Regards

 

High Sticker
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!