Palo Alto Networks Knowledgebase: How to Configure GlobalProtect Portal Page to be Accessed on any Port

Created On 02/07/19 23:54 PM - Last Updated 02/07/19 23:54 PM
VPNs
Resolution

Although it is not possible to change the port GlobalProtect uses, it is possible to use another port with help from a loopback IP address and security rules.

 

Here is how to do that:

  1. Create a loopback interface.
  2. Make sure the untrust interface can ping the loopback.
  3. Assign the loopback as the portal address and the gateway address.
  4. In the GlobalProtect Portal > Agent > External tab, set the external gateway address (10.30.6.56:7000, for example).
  5. Create a Destination NAT rule with service:7000 to 10.30.6.56 (Untrust Interface) translating to 10.10.10.1 (loopback) on service:443.
  6. Create a security policy with destination address as the untrust interface and services as 7000 and 443.
  7. With this configuration, you will be able to access the GlobalProtect portal page on https://10.30.6.56:7000, which will translate to https://10.10.10.1. Download and install the GlobalProtect client software.
  8. Use the credentials in the username & password fields. In the portal field, use the IP as 10.30.6.56:7000 as shown.
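One way to verify step 7 from a client on the untrust side before rolling out agents, added here as an example and not part of the original article. The function name `probe_portal` and its three result states are this example's own; the address and port are the article's sample values. The returned certificate fingerprint is meant to be compared by hand with the certificate configured on the portal.

```python
import hashlib
import socket
import ssl

# Address and port from the article's example; change them for your firewall.
PORTAL_HOST = "10.30.6.56"
PORTAL_PORT = 7000


def probe_portal(host, port, timeout=3.0):
    """Classify host:port as 'unreachable', 'tcp-only' or 'tls-ok'.

    Returns (state, sha256_hex_of_server_certificate_or_None).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused or timed out: the NAT rule or security policy is not matching.
        return "unreachable", None

    # Validation is off on purpose: this only fetches the certificate so
    # that its fingerprint can be compared with the portal's out of band.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock) as tls:
            der = tls.getpeercert(binary_form=True)
            return "tls-ok", hashlib.sha256(der).hexdigest() if der else None
    except (ssl.SSLError, OSError):
        # The port answers but does not speak TLS: the translation is
        # landing on the wrong service or port.
        return "tcp-only", None
    finally:
        sock.close()


if __name__ == "__main__":
    state, fingerprint = probe_portal(PORTAL_HOST, PORTAL_PORT)
    print(f"{PORTAL_HOST}:{PORTAL_PORT} -> {state}")
    if fingerprint:
        print("server certificate SHA-256:", fingerprint)
```

A result of `tls-ok` on 10.30.6.56:7000 with a fingerprint matching the portal certificate indicates the destination NAT is delivering the connection to the loopback on 443.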

 


 

 

owner: mvenkatesan


