I have just started my journey into the PA world and spent several days configuring GlobalProtect features.
I successfully configured a portal as an internal point of connection for the GlobalProtect client.
The idea is to provide User-ID information to the firewall without a VPN connection.
As a result, my GP client tells me that "you are connected to internal network", but on the PA device I don't see user<->IP information. User-ID based rules don't work. There is no information from "show user ip-user-mapping all".
1. Are there any additional steps required to enable User-ID features? I enabled it only at the security zone level.
2. Would it be possible to have one portal but two gateways (ext, int) for internal (User-ID provisioning only) and external (vpnssl) deployments? Or are two portals (external / internal) required?
Thanks in advance!