Does GlobalProtect Require Interface Management Profiles with HTTPS to Function?

Does GlobalProtect Require Interface Management Profiles with HTTPS to Function?

12469
Created On 09/25/18 19:43 PM - Last Modified 04/21/20 00:46 AM


Resolution

GlobalProtect does not need HTTPS from the interface management for the portal to function. It is recommended to review the Interface Management Profiles to ensure that loopback, physical interface or tunnel are NOT selected with HTTPS, and NOT applied to the GlobalProtect.

 

By default, when GlobalProtect portal is enabled it’s running on port 443.

 

If an interface management profile has been inadvertently applied to the loopback, or the physical interface for the GlobalProtect portal, the platform could potentially be vulnerable to the PAN-OS and Panorama Vulnerability on Management Interface (PAN-SA-2017-0027).

 

Note: Interface Management profile with HTTPS enabled is running on port 4443.

 

See the following for additional resources:

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000ClbU&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkCSArticleDetail

Attachments
Choose Language