How to Configure Internal GlobalProtect Only

How to Configure Internal GlobalProtect Only

120936
Created On 09/25/18 17:36 PM - Last Modified 09/14/20 19:47 PM


Symptom


  • This document describes the steps to configure an internal only GlobalProtect Gateway.
  • This document was created on Palo Alto Networks device running PAN-OS 8.0

Environment


  • PAN-OS
  • GlobalProtect (GP)

Resolution


 

  1. Identify the interface where the customers are going to connect.
Interfaces
interfaces.png
  1. Configure GlobalProtect Gateway:
    1. Use the dropdown list to select the internal interface, IP address, and SSL/TLS Service Profile, and Authentication Profile
    2. Client configuration for the internal gateway is not needed if tunneling is not performed
Internal Gateway
Internal Gateway.png

Internal Gateway Authentication
gateway authentication.png
  1. Configure GlobalProtect Portal:
    1. Use the dropdown list to select the internal interface, IP address, and SSL/TLS Service Profile, and Authentication Profile
    2. Add the trusted Root CA
    3. Add Agent Configuration
      1. Make sure the Connect Method is not On-Demand
      2. Add the gateway to the list of internal gateways
GP Portal configuration
portal configuration.png

GP Portal Authentication
portal authentication.png

GP Portal Agent configuration
agent configuration.png

Agent Internal Gateway configuration
internal gateway configuration.png

Agent App behavior - always-on
agent user-logon always on.png


Now connect through the internal gateway:

Screen Shot 2015-06-24 at 3.37.57 PM.png

Additional Information


Reference the GlobalProtect Administrator Guide for any additional help with configuring GlobalProtect:
GlobalProtect Administrator's Guide 9 (English)
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClH1CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language