Configuring Global Protect SSL VPN with a user-defined port
Version 1.0
PAN-OS 5.0.1
Johan Loos
johan@accessdenied.be
Global Protect SSL VPN Overview
This document gives you an overview of how to configure Global Protect for SSL VPN access. I use a
customized port other than the default (443), with a little help from a loopback adapter.
You can also create a security group in Active Directory that a user must be a member of before
being able to access the network via SSL VPN. Users are authenticated via a Network Policy on the
Network Policy Server running on Windows Server 2012.
Click OK
On the Tunnel Interface | IPv4 page, leave the IP address of the interface blank
Click OK
Click OK
On the GlobalProtect Portal | Client Configuration page, under Trusted Root CA, click Add and
select the certificate of your trusted Root CA
On the GlobalProtect Gateway | Client Configuration | Tunnel Settings page, enable Tunnel
Mode and select your Tunnel Interface
Click OK
Click OK
Click OK
Click on Source
Select a Source Zone and a Source Address
Click on Application
Add the applications you need for that server
Click on Service
Select the service you have created above
Click on Actions
Select the actions that you need
Click OK
From the Network Policy Server Console, right-click on Connection Request Policies
and select New
On the Specify Connection Request Policy Name and Connection Type page, type a
name for the policy and click Next
From the Network Policy Server Console, right-click on Network Policies and select
New
On the Specify Network Policy Name and Connection Type page, type a name for
your policy and click Next
On the Specify Access Permissions page, select Access Granted and click Next