03-16-2018 08:23 AM - edited 03-16-2018 08:24 AM
@Mick_Ballwrote:Loopback interface could assist here,
I read a similar article about how to make GlobalProtect accessible on a different port by using a loopback interface and NAT rules but it didn't click how that would help my setup until this morning.
I can create a loopback interface on the school firewall and use that as the IP for the GP Gateway on that firewall. Then just create NAT rules that forward ports 443 and 4501 from a shared public IP to the local IP, with Security rules to allow the panos-global-protect, panos-web, and ssl applications through on that public IP.
Or something along those lines. That way, there's an IP on the firewall that the GP connection terminates at, instead of having the traffic forwarded through the firewall. That was the step I was missing yesterday when testing it with the shared IP.
Edit: this is the article I read yesterday:
