Hardware reference guide
GlobalProtect Administrator’s Guide
GlobalProtect Quick Configs Remote Access VPN (Authentication Profile)
Step 2 Create security policy to enable traffic flow between the corp-vpn zone and the l3-trust zone to enable access to your internal resources.

1. Select Policies > Security and then click Add to add a new rule.
2. For this example, you would define the rule with the following settings:
   • Name—VPN Access
   • Source Zone—corp-vpn
   • Destination Zone—l3-trust

Step 3 Obtain a server certificate for the interface hosting the GlobalProtect portal and gateway using one of the following methods:
• (Recommended) Import a server certificate from a well-known, third-party CA.
• Generate a self-signed server certificate.

Select Device > Certificate Management > Certificates to manage certificates as follows:
• Obtain a server certificate. Because the portal and gateway are on the same interface, the same server certificate can be used for both components.
• The CN of the certificate must match the FQDN, gp.acme.com.
• To enable clients to connect to the portal without receiving certificate errors, use a server certificate from a public CA.

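As an added example (not from the guide): a shell check, run on an admin workstation before importing the certificate in Step 3, that a certificate file is valid for gp.acme.com and unexpired, and that reports whether it is self-signed. The file names, function names, and the locally generated test certificate are assumptions made for illustration; it requires OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example, not from the guide. Function and file names are hypothetical.

# make_test_cert <fqdn> <out-prefix>: constructed throwaway self-signed cert
make_test_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
    -keyout "$2.key" -out "$2.pem" 2>/dev/null
}

# cert_matches_fqdn <cert.pem> <fqdn>: 0 if OpenSSL accepts the name.
# OpenSSL compares against SAN DNS entries when present, else against the CN.
cert_matches_fqdn() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
    | grep -q "does match certificate"
}

# is_self_signed <cert.pem>: 0 if subject and issuer names are identical
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# check_portal_cert <cert.pem> <fqdn>: print findings, return 1 on a failure
check_portal_cert() {
  local cert=$1 fqdn=$2 rc=0
  cert_matches_fqdn "$cert" "$fqdn" \
    || { echo "FAIL: certificate name does not match $fqdn"; rc=1; }
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
    || { echo "FAIL: certificate has expired"; rc=1; }
  if is_self_signed "$cert"; then
    echo "WARN: self-signed; a public CA certificate avoids client certificate errors"
  fi
  return $rc
}

# Demo on a constructed certificate for the FQDN used in this example
demo_dir=$(mktemp -d)
make_test_cert gp.acme.com "$demo_dir/gp"
if check_portal_cert "$demo_dir/gp.pem" gp.acme.com; then
  echo "OK: usable for portal and gateway at gp.acme.com"
fi
```
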
Step 4 Create a server profile.
The server profile instructs the firewall how to connect to the authentication service. Local, RADIUS, Kerberos, and LDAP authentication methods are supported. This example shows an LDAP authentication profile for authenticating users against the Active Directory.

Create the server profile for connecting to the LDAP server: Device > Server Profiles > LDAP

Quick Config: VPN Remote Access (Continued)