Hardware reference guide

GlobalProtect Administrator’s Guide
Set Up the GlobalProtect Infrastructure: Create Interfaces and Zones for GlobalProtect

Step 2: On the firewall(s) hosting GlobalProtect gateway(s), configure the logical tunnel interface that will terminate VPN tunnels established by the GlobalProtect agents.

Note: IP addresses are not required on the tunnel interface unless you require dynamic routing. In addition, assigning an IP address to the tunnel interface can be useful for troubleshooting connectivity issues.

Note: Make sure to enable User-ID in the zone where the VPN tunnels terminate.

1. Select Network > Interfaces > Tunnel and click Add.
2. In the Interface Name field, specify a numeric suffix, such as .2.
3. On the Config tab, expand the Security Zone drop-down to define the zone as follows:
   - To use your trust zone as the termination point for the tunnel, select the zone from the drop-down.
   - (Recommended) To create a separate zone for VPN tunnel termination, click New Zone. In the Zone dialog, define a Name for the new zone (for example, vpn-corp), select the Enable User Identification check box, and then click OK.
4. In the Virtual Router drop-down, select default.
5. (Optional) If you want to assign an IP address to the tunnel interface, select the IPv4 tab, click Add in the IP section, and enter the IP address and network mask to assign to the interface, for example 10.31.32.1/32.
6. To save the interface configuration, click OK.

Step 3: If you created a separate zone for tunnel termination of VPN connections, create a security policy to enable traffic flow between the VPN zone and your trust zone.

For example, the following policy rule enables traffic between the corp-vpn zone and the l3-trust zone.

Step 4: Save the configuration.

Click Commit.

Note: If you enabled management access to the interface hosting the portal, you must add :4443 to the URL. For example, to access the web interface for the portal configured in this example, you would enter the following:

https://208.80.56.100:4443

Or, if you configured a DNS record for the FQDN, such as gp.acme.com, you would enter:

https://gp.acme.com:4443

Set Up Interfaces and Zones for GlobalProtect (Continued)
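
An added example (not from the guide): a Python check that audits an exported configuration for the settings in Steps 2 and 3. It confirms that the tunnel interface belongs to a zone, that the zone has User-ID enabled, that the interface is attached to a virtual router, and that a separate VPN zone has an allow rule to the trust zone. The XML is constructed sample data, its element layout is an assumption modelled on a PAN-OS XML config export, and the names audit_tunnel and members are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption modelled on a
# PAN-OS XML config export. The corp-vpn zone deliberately lacks User-ID.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain">
  <network><virtual-router><entry name="default">
    <interface><member>ethernet1/2</member><member>tunnel.2</member></interface>
  </entry></virtual-router></network>
  <vsys><entry name="vsys1">
    <zone>
      <entry name="l3-trust">
        <network><layer3><member>ethernet1/2</member></layer3></network>
        <enable-user-identification>yes</enable-user-identification>
      </entry>
      <entry name="corp-vpn">
        <network><layer3><member>tunnel.2</member></layer3></network>
      </entry>
    </zone>
    <rulebase><security><rules><entry name="vpn-to-trust">
      <from><member>corp-vpn</member></from><to><member>l3-trust</member></to>
      <action>allow</action>
    </entry></rules></security></rulebase>
  </entry></vsys>
</entry></devices></config>
"""

def members(node, path):
    return [m.text for m in node.findall(path + "/member")]

def audit_tunnel(config_xml, tunnel, trust_zone):
    """Return findings for the zone that terminates the given interface."""
    root = ET.fromstring(config_xml)
    zone = next((z for z in root.findall(".//zone/entry")
                 if tunnel in members(z, "network/layer3")), None)
    if zone is None:
        return [f"{tunnel} is not assigned to any zone"]
    name, findings = zone.get("name"), []
    if zone.findtext("enable-user-identification") != "yes":
        findings.append(f"User-ID is not enabled in zone {name}")
    if tunnel not in members(root, ".//virtual-router/entry/interface"):
        findings.append(f"{tunnel} is not attached to a virtual router")
    # A separate VPN zone needs an allow rule toward the trust zone (Step 3).
    rules = root.findall(".//rulebase/security/rules/entry")
    if name != trust_zone and not any(
            name in members(r, "from") and trust_zone in members(r, "to")
            and r.findtext("action") == "allow" for r in rules):
        findings.append(f"no allow rule from {name} to {trust_zone}")
    return findings
```

Calling audit_tunnel(SAMPLE_CONFIG, "tunnel.2", "l3-trust") on the sample reports the missing User-ID setting in the corp-vpn zone; an empty list means all checks passed.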