Do not attach an interface management profile
that allows HTTP, HTTPS, Telnet, or SSH on the interface where you
have configured a GlobalProtect portal or gateway because this enables
access to your management interface from the internet. Follow the Best Practices for Securing Administrative Access to
ensure that you are securing administrative access to your firewalls
in a way that will prevent successful attacks.
In the Network Settings area, select an
IP Address Type
for the portal web service:
The IP address type can be
IPv4 and IPv6.
if your network supports dual stack configurations,
where IPv4 and IPv6 run at the same time.
The IP address must be compatible with the IP address type.
for IPv4 addresses
for IPv6 addresses.
For dual stack configurations, enter both an IPv4 and IPv6 address.
If you allow users
to authenticate to the portal using either user credentials OR a
client certificate, select a
the data that the GlobalProtect app collects from connecting endpoints
after users successfully authenticate to the portal.
The GlobalProtect app sends this data to the portal to
match against the selection criteria that
you define for each portal agent configuration. Based on this criteria,
the portal delivers a specific agent configuration to the GlobalProtect
apps that connect.
Portal Data Collection
Configure any of the following data collection settings:
If you want the GlobalProtect app to collect machine
certificates from connecting endpoints, select the
that specifies the machines certificates that
you want to collect.
If you want the GlobalProtect app to collect custom host
information from connecting endpoints, define the following registry
or plist data in the Custom Checks area:
registry data from Windows endpoints, select
To collect plist data from macOS endpoints, select