I have to be missing something completely logical here. We just deployed our pair of PA-5050s and I am in the process of setting up what I thought was going to be a simple GP VPN for remote management use. When setting up the gateway and portal, it only gives me the option to use the local trusted interface for that vsys. In prior, smaller scale deployments, I always thought the external untrusted IP went here, but I believe it is unavailable due to the fact it is assigned to a shared gateway. I attempted to create a static NAT with an available IP and NAT it to the internal trusted interface on that vsys that was used in the GP Portal/GW config; however, I receive no GlobalProtect login prompt, just an immediate "no data received", and the GP client errors out immediately. Am I missing something completely logical and apparent here? I combed through the PAN-OS admin documentation but couldn't find anything addressing this scenario. Thanks in advance for any thoughts.