This cookie can be encrypted/decrypted using any certificate that is selected from the drop down of 'Certificate to Encrypt/Decrypt Cookie'. (Optional) Authentication override: Check the boxes for ' Generate cookie for authentication override' and 'Accept cookie for authentication override'.Client certificate - leave it as none, this will only be needed if we want to push any client certificate to clients for authentication purpose.Under authentication profile, select the auth profile created in Step 3. Give any name to it, leave the OS to 'any' unless you want to restrict it. Give a name to the portal and select the interface that serves as portal from the drop down.Ī. Under SSL/TLS service profile, select the SSL/TLS profile created in step 2 from the drop-down.ī. Go to Network > GlobalProtect > Portals > Add. We recommend creating a separate zone for VPN traffic as it gives better flexibility and more security to create separate security rules for the VPN traffic.ĥ. Give a tunnel number, virtual router and security zone. Create a tunnel interface under Network > Interfaces > Tunnel. Type - Choose Local Database(You may choose ldap,radius etc depending on your requirement)Īdvanced Tab > Allow List>Add - Select all (If you have groups, you may restrict it to required groups)Ĥ. Name- Give a name to this authentication profile Create an authentication profile under Device > Authentication Profile > Add. Create an SSL/TLS profile under Device > Certificate Management > SSL/TLS service profile, referencing the above created 'server certificate'.ģ. Generate a root CA, intermediate CA and a server cert as explained in this document:Ģ. Root, intermediate and server certs are generated on PANġ.Same interface serving as portal and gateway.This document explains basic GlobalProtect configuration for user-logon with the following considerations: Once connected to GlobalProtect, the user will see the 'disable' option (if allowed by admin) to disable the GlobalProtect application when needed. The idea behind user-logon is to have the user 'always' stay connected to GlobalProtect. When this is used with SSO (Windows only) or save user credentials (MAC), the GlobalProtect gets connected automatically after the user logs into the machine. What is GlobalProtect with User-logon (Always On)?Īs the name says, user-logon, the GlobalProtect is connected after a user logs on to a machine.
0 kommentar(er)
