GlobalProtect Gateways General Tab
Table of Contents
10.0 (EoL)
Expand all | Collapse all
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Decryption > Forwarding Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > VLANs
- Network > Virtual Wires
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
End-of-Life (EoL)
GlobalProtect Gateways General Tab
- NetworkGlobalProtectGateways<gateway-config>General
Select the General tab to define the gateway
interface to which the apps can connect and specify how the gateway
authenticates endpoints.
GlobalProtect Gateway
General Settings | Description |
---|---|
Name | Enter a name for the gateway (up to 31 characters). The
name is case-sensitive and must be unique. Use only letters, numbers,
spaces, hyphens, and underscores. |
Location | For a firewall that is in multiple virtual
system mode, the Location is the virtual
system (vsys) where the GlobalProtect gateway is available. For
a firewall that is not in multi-vsys mode, the Location field
does not appear in the GlobalProtect Gateway dialog. After
you save the gateway configuration, you cannot change the Location. |
Network Settings Area | |
Interface | Select the name of the firewall interface
that will serve as the ingress interface for remote endpoints. (These
interfaces must already exist.) Do
not attach an interface management profile that allows Telnet, SSH,
HTTP, or HTTPS to an interface where you have configured a GlobalProtect
portal or gateway because this will expose the management interface
to the internet. Refer to Best Practices for Securing Administrative Access for
more details on how to protect access to your management network. |
IP Address | (Optional) Specify the IP address
for gateway access. Select the IP Address Type,
then enter the IP Address.
The IP address must be
compatible with the IP address type. For example, 172.16.1.0 for
IPv4 or 21DA:D3:0:2F3b for IPv6. If you choose IPv4 and
IPv6, enter the appropriate address type for each. |
Log Settings | |
Log Successful SSL Handshake | (Optional) Creates detailed logs
of successful SSL Decryption handshakes. Disabled by default. Logs
consume storage space. Before you log successful SSL handshakes,
ensure you have the resources available to store the logs. Edit DeviceSetupManagementLogging and Reporting Settings to
check the current log memory allocation to and re-allocate log memory
among log types. |
Log Unsuccessful SSL Handshake | Creates detailed logs of unsuccessful SSL
Decryption handshakes so you can find the cause of decryption issues.
Enabled by default. Logs consume storage space. To allocate
more (or less) log storage space to Decryption logs, edit the log
memory allocation (DeviceSetupManagementLogging and Reporting Settings). |
Log Forwarding | Specify the method and location to forward
GlobalProtect SSL handshake (decryption) logs. |