GlobalProtect Administrator’s Guide 169
Quick Config: GlobalProtect Mixed Internal & External Gateway Configuration
Step 1: Create Interfaces and Zones for GlobalProtect.
In this configuration, you must set up interfaces on the firewall hosting a portal and each firewall hosting a gateway.
Use the default virtual router for all interface configurations to avoid having to create inter-zone routing.

On the firewall hosting the portal gateway (gp.acme.com):
• Select Network > Interfaces > Ethernet and configure ethernet1/2 as a Layer 3 Ethernet interface with IP address 198.51.100.42 and assign it to the l3-untrust security zone and the default virtual router.
• Create a DNS “A” record that maps IP address 198.51.100.42 to gp.acme.com.
• Select Network > Interfaces > Tunnel and add the tunnel.2 interface and add it to a new zone called corp-vpn. Assign it to the default virtual router.
• Enable User Identification on the corp-vpn zone.

On the firewall hosting the external gateway (gpvpn.acme.com):
• Select Network > Interfaces > Ethernet and configure ethernet1/5 as a Layer 3 Ethernet interface with IP address 192.0.2.4 and assign it to the l3-untrust security zone and the default virtual router.
• Create a DNS “A” record that maps IP address 192.0.2.4 to gpvpn.acme.com.
• Select Network > Interfaces > Tunnel and add the tunnel.3 interface and add it to a new zone called corp-vpn. Assign it to the default virtual router.
• Enable User Identification on the corp-vpn zone.

On the firewall hosting the internal gateways (california.acme.com and newyork.acme.com):
• Select Network > Interfaces > Ethernet and configure Layer 3 Ethernet interfaces with IP addresses on the internal network and assign them to the l3-trust security zone and the default virtual router.
• Create DNS “A” records that map the internal IP addresses to california.acme.com and newyork.acme.com.
• Enable User Identification on the l3-trust zone.
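
One way to check an exported configuration against Step 1 for the portal firewall (gp.acme.com). This is an added example, not code from the guide or from Palo Alto Networks. It assumes the configuration is available as PAN-OS set-format lines; the sample export is constructed, and the /24 prefix length in it is an assumption.

```python
import re

# Expected Step 1 state for the portal firewall (gp.acme.com), from the guide.
EXPECTED = {
    "zone_of": {"ethernet1/2": "l3-untrust", "tunnel.2": "corp-vpn"},
    "ip_of": {"ethernet1/2": "198.51.100.42"},
    "user_id": {"corp-vpn"},
    "vr": "default",
}

# Constructed sample export. The /24 prefix length is an assumption (the guide
# gives only the address); User-ID on corp-vpn is deliberately left out.
SAMPLE_CONFIG = """\
set network interface ethernet ethernet1/2 layer3 ip 198.51.100.42/24
set network interface tunnel units tunnel.2
set network virtual-router default interface [ ethernet1/2 tunnel.2 ]
set zone l3-untrust network layer3 ethernet1/2
set zone corp-vpn network layer3 tunnel.2
"""

def _members(text):  # accepts a single name or a '[ a b ]' member list
    return text.strip("[] ").split()

def parse(config):
    state = {"zone_of": {}, "vr_of": {}, "ip_of": {}, "user_id": set()}
    for line in config.splitlines():
        if m := re.match(r"set zone (\S+) network layer3 (.+)", line):
            state["zone_of"].update({i: m[1] for i in _members(m[2])})
        elif m := re.match(r"set zone (\S+) enable-user-identification yes", line):
            state["user_id"].add(m[1])
        elif m := re.match(r"set network virtual-router (\S+) interface (.+)", line):
            state["vr_of"].update({i: m[1] for i in _members(m[2])})
        elif m := re.match(r"set network interface ethernet (\S+) layer3 ip (\S+)", line):
            state["ip_of"][m[1]] = m[2].split("/")[0]
    return state

def audit(config, expected=EXPECTED):  # empty list means Step 1 is satisfied
    s, out = parse(config), []
    for ifc, zone in expected["zone_of"].items():
        if s["zone_of"].get(ifc) != zone:
            out.append(f"{ifc}: zone is {s['zone_of'].get(ifc)}, expected {zone}")
        if s["vr_of"].get(ifc) != expected["vr"]:
            out.append(f"{ifc}: not in virtual router {expected['vr']}")
    for ifc, ip in expected["ip_of"].items():
        if s["ip_of"].get(ifc) != ip:
            out.append(f"{ifc}: IP is {s['ip_of'].get(ifc)}, expected {ip}")
    for zone in sorted(expected["user_id"] - s["user_id"]):
        out.append(f"zone {zone}: User Identification not enabled")
    return out
```

Calling `audit(SAMPLE_CONFIG)` reports the missing User Identification setting on corp-vpn; the same check fits the gateway firewalls by passing a different `expected` dictionary.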