: Starting with PAN-OS
9.0, and GlobalProtect™ app 5.0.6 with Content Version 8207-5750.
: Android, iOS, Linux, macOS, Windows
the challenges of reliable connectivity in regions where IPSec is
not permitted or to offer a fallback option to use SSL instead of
IPSec, you can now specify whether to use SSL in the app configuration
of your GlobalProtect portal. For VPN access, you can opt to enforce
SSL connections only, disallow SSL connections, or allow the user
to choose SSL or IPSec (default) depending on the geo-location and
network performance to provide the best user experience.
the user successfully establishes a VPN connection, on the GlobalProtect
app they can verify whether the connection uses SSL or IPSec.
On the firewall configured to act as the GlobalProtect
portal, select the relevant app configuration.
Connect with SSL Only
you want to allow.
The options are:
that all GlobalProtect clients connect using SSL only.
—Connects with the protocol configured
on the gateway for the VPN connection. If the gateway configuration
has enabled IPSec, then it will use IPSec for the VPN connection.
If the gateway has SSL configured, then it will use SSL for the
User can Change
—Allow the user to
change, whether they want to use SSL or stay with IPSec, on the GlobalProtect
app. On the app, the user can select