GlobalProtect Administrator’s Guide
GlobalProtect Quick Configs: Mixed Internal and External Gateway Configuration
Step 7 Configure the GlobalProtect Portal.
Although this example shows how to create a single client configuration to be deployed to all agents, you could choose to create separate configurations for different uses and then deploy them based on user/group name and/or the operating system the agent/app is running on (Android, iOS, Mac, or Windows).
Select Network > GlobalProtect > Portals and add the following configuration:
1. Set Up Access to the Portal:
Interface—ethernet1/2
IP Address—10.31.34.13
Server Certificate—GP-server-cert.pem issued by Go Daddy with CN=gp.acme.com
2. Create a GlobalProtect Client Configuration:
Internal Host Detection—enabled
Use single sign-on—enabled
Connect Method—user-logon
External Gateway Address—gpvpn.acme.com
Internal Gateway Address—california.acme.com, newyork.acme.com
User/User Group—any
3. Commit the portal configuration.
Step 8 Deploy the GlobalProtect Agent Software.
Select Device > GlobalProtect Client.
In this example, use the procedure to Host Agent Updates on the Portal.
Step 9 Create security policy rules on each gateway to safely enable access to applications for your VPN users.
• Create security policy (Policies > Security) to enable traffic flow between the corp-vpn zone and the l3-trust zone.
• Create HIP-enabled and user/group-based policy rules to enable granular access to your internal datacenter resources.
• For visibility, create rules that allow all of your users web-browsing access to the l3-untrust zone, using the default security profiles to protect you from known threats.
Step 10 Save the GlobalProtect configuration. Click Commit on the portal and all gateways.
Quick Config: GlobalProtect Mixed Internal & External Gateway Configuration (Continued)
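Added example, not part of the guide: PAN-OS evaluates security rules top-down and applies the first match, so the Step 9 rules only give granular datacenter access when the HIP-enabled rule sits above the broad corp-vpn to l3-trust rule. The Python sketch below models that ordering and flags shadowed rules. The rule names, the finance group, the corp-managed HIP profile and the datacenter address object are hypothetical, and each session is assumed to match a single HIP profile.

```python
# Added illustration (not from the guide): simplified top-down, first-match policy model.
# Rule names, the "finance" group, "corp-managed" HIP profile and "datacenter"
# address object are hypothetical; zone names come from the quick config.
from dataclasses import dataclass

ANY = "any"
FIELDS = ("src_zone", "dst_zone", "dst", "group", "hip", "app")

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    dst: str = ANY      # destination address object
    group: str = ANY    # source user group
    hip: str = ANY      # HIP profile the endpoint must match
    app: str = ANY
    action: str = "allow"

def covers(broad, narrow):
    """True if every session that matches `narrow` also matches `broad`."""
    return all(getattr(broad, f) in (ANY, getattr(narrow, f)) for f in FIELDS)

def shadowed(rules):
    """(earlier, later) name pairs where the later rule can never be reached."""
    return [(a.name, b.name) for i, b in enumerate(rules)
            for a in rules[:i] if covers(a, b)]

def decide(rules, session):
    """First matching rule wins; a session that matches nothing is denied."""
    for r in rules:
        if all(getattr(r, f) in (ANY, session[f]) for f in FIELDS):
            return f"{r.action} ({r.name})"
    return "deny (no rule matched)"

vpn_to_trust = Rule("vpn-to-trust", "corp-vpn", "l3-trust")
dc_finance = Rule("dc-finance", "corp-vpn", "l3-trust", dst="datacenter",
                  group="finance", hip="corp-managed")
dc_block = Rule("dc-block-rest", "corp-vpn", "l3-trust", dst="datacenter",
                action="deny")
vpn_web = Rule("vpn-web", "corp-vpn", "l3-untrust", app="web-browsing")

BROAD_FIRST = [vpn_to_trust, dc_finance, vpn_web]
SPECIFIC_FIRST = [dc_finance, dc_block, vpn_to_trust, vpn_web]

# Constructed session: finance user on an endpoint that fails the HIP profile.
noncompliant = {"src_zone": "corp-vpn", "dst_zone": "l3-trust", "dst": "datacenter",
                "group": "finance", "hip": "none", "app": "ssh"}

if __name__ == "__main__":
    for label, rules in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(label, shadowed(rules), decide(rules, noncompliant))
```

With the broad rule first, the HIP-enabled rule is reported as shadowed and the non-compliant endpoint still reaches the datacenter. With the specific rules first, it is denied.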