Hardware reference guide

ManualsBrandsAlto ManualsComputer equipmentBEXT 100H

GlobalProtect Administrator’s Guide 41

Set Up the GlobalProtect Infrastructure Configure the GlobalProtect Portal

Step 8 Specify the gateways that users with this

configuration can connect to.

Best Practices:

•If you are adding both internal and

external gateways to the same

configuration, make sure to enable

Internal Host Detection. See Step 3 in

Define the GlobalProtect Client

Configurations for instructions.

• Make sure you do not use on-demand

as the connect method if your

configuration includes internal

gateways.

1. On the

Gateways tab, click Add in the section for Internal

Gateways or External Gateways, depending on which type of

gateway you are adding.

2. Enter a descriptive

Name for the gateway. The name you enter

here should match the name you defined when you configured

the gateway and should be descriptive enough for users to know

the location of the gateway they are connected to.

3. Enter the FQDN or IP address of the interface where the

gateway is configured in the

Address field. The address you

specify must exactly match the Common Name (CN) in the

gateway server certificate.

4. (External gateways only) Set the

Priority of the gateway by

clicking in the field and selecting a value:

• If you have only one external gateway, you can leave the value

set to

Highest (the default).

• If you have multiple external gateways, you can modify the

priority values (ranging from

Highest to Lowest) to indicate

a preference for the specific user group to which this

configuration applies. For example, if you prefer that the user

group connects to a local gateway you would set the priority

higher than that of more geographically distant gateways. The

priority value is then used to weight the agent’s gateway

selection algorithm.

• If you do not want agents to automatically establish tunnel

connections with the gateway, select

Manual only. This

setting is useful in testing environments.

5. (External gateways only) Select the

Manual check box if you

want to allow users to be able to manually switch to the gateway.

Step 9 (Optional) Define any custom host

information profile (HIP) data that you

want the agent to collect and/or exclude

HIP categories from collection.

This step only applies if you plan to use

the HIP feature and there is information

you want to collect that cannot be

collected using the standard HIP objects

or if there is HIP information that you are

not interested in collecting. See Use Host

Information in Policy Enforcement for

details on setting up and using the HIP

feature.

• Select

Data Collection > Custom Checks and then define any

custom data you want to collect from hosts running this client

configuration. For more details, see Step 2 in Configure

HIP-Based Policy Enforcement.

• Select

Data Collection > Exclude Categories and then click Add to

exclude specific categories and/or vendors, applications, or

versions within a category. For more details, see Step 3 in

Configure HIP-Based Policy Enforcement.

Step 10 Save the client configuration. 1. Click

OK to save the settings and close the Configs dialog.

2. If you want to add another client configuration, repeat Step 2

through Step 10.

Create a GlobalProtect Client Configuration (Continued)