Palo Alto Networks Knowledgebase: How to Configure GlobalProtect Portal Page to be Accessed on any Port

How to Configure GlobalProtect Portal Page to be Accessed on any Port

Created On 02/07/19 23:54 PM - Last Updated 02/07/19 23:54 PM

Although it is not possible to change the port GlobalProtect uses, it is possible to use another port with help from a loopback IP address and security rules.


Here is how to do that:

  1. Create a loopback2018-07-19_14-48-09.jpg


  2. Make sure the untrust interface can ping the loopback.
  3. Assign the loopback as the portal address and the gateway address2018-07-19_14-50-55.jpg




  4. In the GlobalProtect Portal > Agent > External tab, set the external gateway to address ( for example)



    Create a Destination NAT rule with service:7000 to (Untrust Interface) translating to (loopback) on service:443

  5. lp.JPG

  6. Create a security policy with destination address as the untrust interface and services as 7000 and 443


  7. With this configuration, you will be able to access the global protect portal page on which will translate to and install the GlobalProtect client software.3581_lp.png


  8. Use the credentials in the username & password fields. In the portal field, use the IP as as shown.


4184_gp non https 2.png




4185_gp non https 4.jpg



owner: mvenkatesan

  • Print
  • Copy Link

Choose Language