Hardware reference guide

GlobalProtect Administrator’s Guide
GlobalProtect Quick Configs
Remote Access VPN (Authentication Profile)
In Figure: GlobalProtect VPN for Remote Access, the GlobalProtect portal and gateway are both
configured on ethernet1/2, which is the physical interface where GlobalProtect clients connect. After the
clients connect and successfully authenticate to the portal and gateway, the agent establishes a VPN tunnel from
its virtual adapter, which has been assigned an address in the IP address pool associated with the gateway
tunnel.2 configuration (10.31.32.3-10.31.32.118 in this example). Because GlobalProtect VPN tunnels
terminate in a separate corp-vpn zone, you have visibility into the VPN traffic as well as the ability to tailor
security policy for remote users.
Figure: GlobalProtect VPN for Remote Access
The following procedure provides the configuration steps for this example. You can also watch the video.
Quick Config: VPN Remote Access
Step 1 Create Interfaces and Zones for GlobalProtect.
Use the default virtual router for all interface configurations to avoid having to create inter-zone routing.
• Select Network > Interfaces > Ethernet and configure ethernet1/2 as a Layer 3 Ethernet interface with IP address 199.21.7.42 and assign it to the l3-untrust zone and the default virtual router.
• Create a DNS “A” record that maps IP address 199.21.7.42 to gp.acme.com.
• Select Network > Interfaces > Tunnel and add the tunnel.2 interface and add it to a new zone called corp-vpn. Assign it to the default virtual router.
• Enable User Identification on the corp-vpn zone.
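
The following Python check is an added example, not part of the Palo Alto Networks guide. It audits the Step 1 layout for the properties the text relies on: the tunnel sits in its own zone, User Identification is enabled there, both interfaces share a virtual router, and no interface address falls inside the client pool. The dictionary layout and the function names are assumptions made for this example, not a PAN-OS export format.

```python
import ipaddress

# Constructed representation of the Step 1 settings on this page
# (hypothetical layout, not a PAN-OS export format).
CONFIG = {
    "interfaces": {
        "ethernet1/2": {"ip": "199.21.7.42", "zone": "l3-untrust", "vr": "default"},
        "tunnel.2": {"ip": None, "zone": "corp-vpn", "vr": "default"},
    },
    "zones": {
        "l3-untrust": {"user_id": False},
        "corp-vpn": {"user_id": True},
    },
    "gateway": {"external": "ethernet1/2", "tunnel": "tunnel.2",
                "pool": ("10.31.32.3", "10.31.32.118")},
}

def pool_size(pool):
    """Number of client addresses in an inclusive first-last pool."""
    first, last = (int(ipaddress.IPv4Address(a)) for a in pool)
    if last < first:
        raise ValueError("pool end precedes pool start")
    return last - first + 1

def audit(cfg):
    """Return a list of findings; an empty list means the layout matches the page."""
    findings = []
    gw, ifs, zones = cfg["gateway"], cfg["interfaces"], cfg["zones"]
    ext, tun = ifs[gw["external"]], ifs[gw["tunnel"]]
    # A shared zone removes the separate policy and visibility point for VPN traffic.
    if tun["zone"] == ext["zone"]:
        findings.append("tunnel shares a zone with the external interface")
    if not zones.get(tun["zone"], {}).get("user_id"):
        findings.append(f"User Identification is not enabled on zone {tun['zone']}")
    if tun["vr"] != ext["vr"]:
        findings.append("interfaces use different virtual routers")
    first, last = (ipaddress.IPv4Address(a) for a in gw["pool"])
    for name, itf in ifs.items():
        if itf["ip"] and first <= ipaddress.IPv4Address(itf["ip"]) <= last:
            findings.append(f"{name} address {itf['ip']} falls inside the client pool")
    return findings

if __name__ == "__main__":
    print(pool_size(CONFIG["gateway"]["pool"]), "pool addresses")
    for finding in audit(CONFIG) or ["no findings"]:
        print(finding)
```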