Hardware reference guide
166 GlobalProtect Administrator’s Guide
GlobalProtect for Internal HIP Checking and User-Based Access GlobalProtect Quick Configs
Step 6 Configure the internal gateways. Select Network > GlobalProtect > Gateways and add the following
settings:
• Interface
• IP Address
• Server Certificate
• Authentication Profile and/or Configuration Profile
Notice that it is not necessary to configure the client configuration
settings in the gateway configurations (unless you want to set up HIP
notifications) because tunnel connections are not required. See
Configure a GlobalProtect Gateway for step-by-step instructions on
creating the gateway configurations.
Step 7 Configure the GlobalProtect Portal.
Although all of the previous
configurations could use a
Connect
Method
of user-logon or
on-demand, an internal gateway
configuration must always be on
and therefore requires a
Connect
Method
of user-logon.
Select
Network > GlobalProtect > Portals and add the following
configuration:
1. Set Up Access to the Portal:
Interface—ethernet1/2
IP Address—10.31.34.13
Server Certificate—GP-server-cert.pem issued by Go Daddy
with CN=gp.acme.com
2. Create a GlobalProtect Client Configuration:
Use single sign-on—enabled
Connect Method—user-logon
Internal Gateway Address—california.acme.com,
newyork.acme.com
User/User Group—any
3.
Commit the portal configuration.
Step 8 Deploy the GlobalProtect Agent
Software.
Select
Device > GlobalProtect Client.
In this example, use the procedure to Host Agent Updates on the
Portal.
Quick Config: GlobalProtect Internal Gateway Configuration (Continued)