
I am not familiar with Cisco AnyConnect (I have used Cisco ASA a tiny bit for site-to-site and user VPNs, but never did any user side config), but from your description I believe you are right. The GP Portal sets all the user side restrictions and options. There are a couple of user configuration options through the GP Gateway (user VPN IP address, split tunnel networks, etc.), but everything else comes from the GP Portal.

The basic config options for the user can be found under:

Network -> GlobalProtect -> Portals -> [portal_config] -> Agent -> [agent_config] ->

App - GP client settings including VPN mode (on-demand/always-on), Portal config lifetime, password policies, user bypass options, etc.

External - GP Gateways the client will connect to with preference/geolocation options

Internal - Internal network VPN bypass and internal gateways for HIP data collection

Network -> GlobalProtect -> Gateways -> [gateway_config] -> Agent -> Client Settings -> [client_config] ->

Authentication Override - whether to accept/generate cookies for overriding user authentication for Portal/Gateway login

IP Pools - IP subnet to allocate client VPN IPs from

Split Tunnel - Networks/domains to always split-tunnel and exclude from forcing through the VPN

Network -> GlobalProtect -> Gateways -> [gateway_config] -> Agent -> Network Services - client DNS servers

Network -> GlobalProtect -> Gateways -> [gateway_config] -> Agent -> Connection Settings - GP Gateway connection lifetime
