Does GlobalProtect Require Interface Management Profiles with HTTPS to Function?

Does GlobalProtect Require Interface Management Profiles with HTTPS to Function?

18078
Created On 09/25/18 19:43 PM - Last Modified 05/09/23 22:35 PM


Resolution


GlobalProtect does not need HTTPS from the interface management for the portal to function. It is recommended to review the Interface Management Profiles to ensure that loopback, physical interface or tunnel are NOT selected with HTTPS, and NOT applied to the GlobalProtect.

 

By default, when GlobalProtect portal is enabled it’s running on port 443.

 

If an interface management profile has been inadvertently applied to the loopback, or the physical interface for the GlobalProtect portal, the platform could potentially be vulnerable to the CVE-2017-15944 Vulnerability in PAN-OS and Panorama on Management Interface

 

Note: Interface Management profile with HTTPS enabled is running on port 4443.

 

See the following for additional resources:

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000ClbU&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkCSArticleDetail

Choose Language