How to Configure Internal GlobalProtect Only

How to Configure Internal GlobalProtect Only

86205
Created On 09/25/18 17:36 PM - Last Modified 09/14/20 19:47 PM


Symptom
  • This document describes the steps to configure an internal only GlobalProtect Gateway.
  • This document was created on Palo Alto Networks device running PAN-OS 8.0


Environment
  • PAN-OS
  • GlobalProtect (GP)


Resolution

 

  1. Identify the interface where the customers are going to connect.
Interfaces
interfaces.png
  1. Configure GlobalProtect Gateway:
    1. Use the dropdown list to select the internal interface, IP address, and SSL/TLS Service Profile, and Authentication Profile
    2. Client configuration for the internal gateway is not needed if tunneling is not performed
Internal Gateway
Internal Gateway.png

Internal Gateway Authentication

gateway authentication.png
  1. Configure GlobalProtect Portal:
    1. Use the dropdown list to select the internal interface, IP address, and SSL/TLS Service Profile, and Authentication Profile
    2. Add the trusted Root CA
    3. Add Agent Configuration
      1. Make sure the Connect Method is not On-Demand
      2. Add the gateway to the list of internal gateways
GP Portal configuration
portal configuration.png

GP Portal Authentication

portal authentication.png

GP Portal Agent configuration
agent configuration.png


Agent Internal Gateway configuration
internal gateway configuration.png

Agent App behavior - always-on
agent user-logon always on.png


Now connect through the internal gateway:

Screen Shot 2015-06-24 at 3.37.57 PM.png



Additional Information

Reference the GlobalProtect Administrator Guide for any additional help with configuring GlobalProtect:
GlobalProtect Administrator's Guide 9 (English)



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000ClH1&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkCSArticleDetail

Attachments
Choose Language