Requirements for Using Explicit Proxy with GlobalProtect
or a Third-Party VPN
Follow these requirements and recommendations to use
Explicit Proxy with GlobalProtect or third-party VPNs.
| Where Can I Use
This? | What Do I Need? |
|---|
Before you start your configuration, make sure that you follow
the requirements and recommendations that are required to deploy
Explicit Proxy with GlobalProtect or with a third-party VPN:
You
configure a split tunnel configuration in GlobalProtect. The examples
in this section show traffic being split based on a
domain (URL) or application;
however, you can also split traffic based on
the access route.
You
can also configure
split DNS options in GlobalProtect
to configure which domains are resolved by the VPN assigned DNS
servers and which domains are resolved by the local DNS servers.
To use Explicit Proxy with a third-party VPN, you must deploy
the VPN solution.
Make a list of the applications that you want to secure with
the Mobile Users—GlobalProtect or third-party VPN deployment.
For
example, if you are configuring Explicit Proxy with GlobalProtect,
you should configure GlobalProtect to secure all access to private
apps or resources, while configuring the Explicit Proxy PAC file
to secure public apps or SaaS applications. The configuration examples
in this section have GlobalProtect resolving the internal domains
and Explicit Proxy resolving external domains.
Configure authentication for Explicit Proxy and GlobalProtect
or the third-party VPN.
Palo Alto Networks recommends that
you use the default browser on each mobile user’s endpoint for SAML
authentication so you can take advantage of single sign-on (SSO)
by editing the portal configuration as shown in
Set Up Explicit Proxy.
