Hardware reference guide

ManualsBrandsAlto ManualsComputer equipmentBEXT 100H

GlobalProtect Administrator’s Guide 37

Set Up the GlobalProtect Infrastructure Configure the GlobalProtect Portal

Define the GlobalProtect Client Configurations

When a GlobalProtect agent/app connects and successfully authenticates to the GlobalProtect portal, the

portal delivers the GlobalProtect client configuration to the agent/app based on the settings you defined. If you

have different classes of users requiring different configurations, you can create a separate client configuration

for each. The portal will then use the username/group name and or OS of the client to determine which client

configuration to deploy. As with security rule evaluation, the portal looks for a match starting from the top of

the list. When it finds a match, it delivers the corresponding configuration to the agent/app.

The configuration may include the following:

 A list of gateways the agent/app can connect to, and whether the user can establish manual connections with

those gateways.

Set Up Access to the Portal

Step 1 Add the portal. 1. Select Network > GlobalProtect > Portals and click Add.

2. On the

Portal Configuration tab, enter a Name for the portal.

The portal name should not contain any spaces.

3. (Optional) Select the virtual system to which this portal belongs

from the

Location field.

Step 2 Specify the network information to

enable agents to connect to the portal.

If you have not yet created the network

interface for the portal, see Create

Interfaces and Zones for GlobalProtect

for instructions. If you haven’t yet created

a server certificate for the portal and

issued gateway certificates, see Deploy

Server Certificates to the GlobalProtect

Components.

1. Select the

Interface that agents will use for ingress access to the

portal.

2. Select the

IP Address for the portal web service.

3. Select the

Server Certificate for the portal from the

drop-down.

The Common Name (CN) and, if applicable, the Subject

Alternative Name (SAN) fields of the certificate must

exactly match the IP address or fully qualified domain

name (FQDN) of the interface where you configure the

portal or HTTPS connections to the portal will fail.

Step 3 Specify how the portal will authenticate

end users.

If you have not yet set up the

authentication profiles and/or certificate

profiles, see Set Up GlobalProtect User

Authentication for instructions.

• To authenticate users using a local user database or an external

authentication service (including OTP authentication), select the

corresponding

Authentication Profile.

• Enter an

Authentication Message to guide users as to which

authentication credentials to use.

• To authenticate users based on a client certificate or a smart

card/CAC, select the corresponding

Certificate Profile.

• To use two-factor authentication, select both an authentication

profile and a certificate profile. Keep in mind that the user must

successfully authenticate using both methods to be granted access.

Step 4 Save the portal configuration. 1. Click

OK to save the settings and close the GlobalProtect

Gateway dialog.

Commit your changes.