Hello, I am fairly new to the Palo Alto firewalls so I figured I would pose a question to everyone while I continue my own research into the issue.

Basically, in our test setup we have SSL VPN set up so that everyone in the office can authenticate via AD and access servers and resources through the tunnel. We want to be able to segregate this in some way so we can limit who has access to what. For instance, if you are a member of IT you can access this specific set of servers, but if you are in Sales you cannot reach them. I have already read into different methods, such as using multiple gateways and security policies. I also read this might be possible through AD security groups but the description was not clear. As such, I wanted to get others' opinions on this as well and see what other options I can consider.

Also, just another random question, but is it possible for the GlobalProtect client to store multiple Portal addresses in like a drop-down list to authenticate to, or am I limited to just one?

Thank you in advance for responding to this post, and I look forward to hearing your thoughts.