>
    Strata Copilot
    Configure the Portal
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Large Scale VPN (LSVPN)
    4. Configure the GlobalProtect Portal for LSVPN
    5. Configure the Portal
    Download PDF

    Configure the Portal

    Table of Contents
    End-of-Life (EoL)

    Configure the Portal

    After you’ve completed the GlobalProtect Portal for LSVPN Prerequisite Tasks, configure the GlobalProtect portal as follows:
    1. Add the portal.
      1. Select NetworkGlobalProtectPortals and click Add.
      2. On the General tab, enter a Name for the portal. The portal name shouldn’t contain any spaces.
      3. (Optional) Select the virtual system to which this portal belongs from the Location field.
    2. Specify the network information to enable satellites to connect to the portal.
      If you haven’t yet created the network interface for the portal, see Create Interfaces and Zones for the LSVPN for instructions.
      1. Select the Interface that satellites will use for ingress access to the portal.
      2. Specify the IP Address Type and IP address for satellite access to the portal:
        • The IP address type can be IPv4 (for IPv4 traffic only), IPv6 (for IPv6 traffic only, or IPv4 and IPv6. Use IPv4 and IPv6 if your network supports dual stack configurations, where IPv4 and IPv6 run at the same time.
        • The IP address must be compatible with the IP address type. For example, 172.16.1/0 for IPv4 addresses or 21DA:D3:0:2F3B for IPv6 addresses. For dual stack configurations, enter both an IPv4 and IPv6 address.
      3. Click OK to save changes.
    3. Specify an SSL/TLS Service Profile to use to enable the satellite to establish an SSL/TLS connection to the portal.
      If you haven’t yet created an SSL/TLS Service Profile for the portal and issued gateway certificates, see Deploy Server Certificates to the GlobalProtect LSVPN Components.
      1. On the GlobalProtect portal configuration dialog, select Authentication.
      2. Select the SSL/TLS Service Profile.
    4. Specify an authentication profile and optional Certificate Profile for authenticating satellites.
      The first time the satellite connects to the portal, it must authenticate using local database authentication (on subsequent sessions it uses a satellite cookie issued by the portal). Therefore, before you can save the portal configuration (by clicking OK), you must Configure an authentication profile.
      Add a Client Authentication, and then enter a Name to identify the configuration, select OS: Satellite to apply the configuration to all satellites, and specify the Authentication Profile to use to authenticate satellite devices. You can also specify a Certificate Profile for the portal to use to authenticate satellite devices.
    5. Continue with defining the configurations to push to the satellites or, if you’ve already created the satellite configurations, save the portal configuration.
      Click OK to save the portal configuration or continue to Define the Satellite Configurations.

    © 2025 Palo Alto Networks, Inc. All rights reserved.