Palo Alto Networks Knowledgebase: How to Configure Internal GlobalProtect Only

How to Configure Internal GlobalProtect Only

15138
Created On 08/05/19 20:23 PM - Last Updated 08/05/19 20:36 PM
VPNs
Resolution

Overview

  • This document describes the steps to configure an internal only GlobalProtect Gateway.
  • This document was created on Palo Alto Networks device running PAN-OS 8.0

 

Steps

  1. Identify the interface where the customers are going to connect.
    interfaces.pngInterfaces
  2. Configure GlobalProtect Gateway:
    1. Use the dropdown list to select the internal interface, IP address, and SSL/TLS Service Profile, and Authentication Profile
    2. Client configuration for the internal gateway is not needed if tunneling is not performedInternal Gateway.pngInternal Gatewaygateway authentication.pngInternal Gateway Authentication
  3. Configure GlobalProtect Portal:
    1. Use the dropdown list to select the internal interface, IP address, and SSL/TLS Service Profile, and Authentication Profile
    2. Add the trusted Root CA
    3. Add Agent Configuration
      1. Make sure the Connect Method is not On-Demand
      2. Add the gateway to the list of internal gateways

portal configuration.pngGP Portal configurationportal authentication.pngGP Portal Authenticationagent configuration.pngGP Portal Agent configurationinternal gateway configuration.pngAgent Internal Gateway configurationagent user-logon always on.pngAgent App behavior - always-on

 

 

 

Now connect through the internal gateway:

Screen Shot 2015-06-24 at 3.37.57 PM.png

 

See Also

Reference the GlobalProtect Administrator Guide for any additional help with configuring GlobalProtect:

GlobalProtect Administrator's Guide 8.0 (English)

 

owner: aabdelhalim



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClH1CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language