Palo Alto Networks Knowledgebase: How to Configure GlobalProtect Portal Page to be Accessed on any Port
How to Configure GlobalProtect Portal Page to be Accessed on any Port
Created On 02/07/19 23:54 PM - Last Updated 02/07/19 23:54 PM
Although it is not possible to change the port GlobalProtect uses, it is possible to use another port with help from a loopback IP address and security rules.
Here is how to do that:
Create a loopback
Make sure the untrust interface can ping the loopback.
Assign the loopback as the portal address and the gateway address
In the GlobalProtect Portal > Agent > External tab, set the external gateway to address (10.30.6.56:7000 for example)
Create a Destination NAT rule with service:7000 to 10.30.6.56 (Untrust Interface) translating to 10.10.10.1 (loopback) on service:443
Create a security policy with destination address as the untrust interface and services as 7000 and 443
With this configuration, you will be able to access the global protect portal page on https://10.30.6.56:7000 which will translate to https://10.10.10.1.Download and install the GlobalProtect client software.
Use the credentials in the username & password fields. In the portal field, use the IP as 10.30.6.56:7000 as shown.