Do not attach an interface management profile
that allows HTTP, HTTPS, Telnet, or SSH on the interface where you
have configured a GlobalProtect portal or gateway because this enables
access to your management interface from the internet. Follow the Best Practices for Securing Administrative Access to
ensure that you are securing administrative access to your firewalls
in a way that will prevent successful attacks.
Select
General
.
In the Network Settings area, select an
Interface
.
Specify the
IP Address Type
and
IP
address
for the portal web service:
The IP address type can be
IPv4 Only
,
IPv6
Only
, or
IPv4 and IPv6.
Use
IPv4
and IPv6
if your network supports dual stack configurations,
where IPv4 and IPv6 run at the same time.
The IP address must be compatible with the IP address type.
For example,
172.16.1.0
for IPv4 addresses
or
21DA:D3:0::2F3b
for IPv6 addresses.
For dual stack configurations, enter both an IPv4 and IPv6 address.
If you want to allow users to authenticate to the portal
using either user credentials OR a client certificate, and you select
an Authentication Profile for
user authentication, the
Certificate Profile
is
optional.
If you want to allow users to authenticate to the portal
using either user credentials OR a client certificate, and you do
not select an Authentication Profile for
user authentication, the
If you allow users
to authenticate to the portal using either user credentials OR a
client certificate, select a
Certificate Profile
with
the
Username Field
set to
Subject
or
Subject
Alt
.
Define
the data that the GlobalProtect app collects from connecting endpoints
after users successfully authenticate to the portal.
The GlobalProtect app sends this data to the portal to
match against the selection criteria that
you define for each portal agent configuration. Based on this criteria,
the portal delivers a specific agent configuration to the GlobalProtect
apps that connect.
Select
Portal Data Collection
.
Configure any of the following data collection settings:
If you want the GlobalProtect app to collect machine
certificates from connecting endpoints, select the
Certificate
Profile
that specifies the machines certificates that
you want to collect.
If you want the GlobalProtect app to collect custom host
information from connecting endpoints, define the following registry
or plist data in the Custom Checks area:
To collect
registry data from Windows endpoints, select
Windows
and
then
Add
the
Registry Key
and
corresponding
Registry Value
.
To collect plist data from macOS endpoints, select