Configure the Portal

After you have completed the GlobalProtect Portal for LSVPN Prerequisite Tasks, configure the GlobalProtect portal as follows:
  1. Add the portal.
    1. Select
      Network
      GlobalProtect
      Portals
      and click
      Add
      .
    2. On the
      General
      tab, enter a
      Name
      for the portal. The portal name should not contain any spaces.
    3. (
      Optional
      ) Select the virtual system to which this portal belongs from the
      Location
      field.
  2. Specify the network information to enable satellites to connect to the portal.
    If you haven’t yet created the network interface for the portal, see Create Interfaces and Zones for the LSVPN for instructions.
    1. Select the
      Interface
      that satellites will use for ingress access to the portal.
    2. Specify the
      IP Address Type
      and
      IP address
      for satellite access to the portal:
      • The IP address type can be
        IPv4
        (for IPv4 traffic only),
        IPv6
        (for IPv6 traffic only, or
        IPv4 and IPv6
        . Use
        IPv4 and IPv6
        if your network supports dual stack configurations, where IPv4 and IPv6 run at the same time.
      • The IP address must be compatible with the IP address type. For example,
        172.16.1/0
        for IPv4 addresses or
        21DA:D3:0:2F3B
        for IPv6 addresses. For dual stack configurations, enter both an IPv4 and IPv6 address.
    3. Click
      OK
      to save changes.
  3. Specify an SSL/TLS Service profile to use to enable the satellite to establish an SSL/TLS connection to the portal.
    If you haven’t yet created an SSL/TLS service profile for the portal and issued gateway certificates, see Deploy Server Certificates to the GlobalProtect LSVPN Components.
    1. On the GlobalProtect Portal Configuration dialog, select
      Authentication
      .
    2. Select the
      SSL/TLS Service Profile
      .
  4. Specify an authentication profile and optional certificate profile for authenticating satellites.
    If the portal can’t validate the serial numbers of connecting satellites, it will fall back to the authentication profile. Therefore, before you can save the portal configuration (by clicking
    OK
    ), you must Configure an authentication profile.
    Add
    a Client Authentication, and then enter a
    Name
    to identify the configuration, select
    OS
    :
    Satellite
    to apply the configuration to all satellites, and specify the
    Authentication Profile
    to use to authenticate satellite devices. You can also specify a
    Certificate Profile
    for the portal to use to authenticate satellite devices.
  5. Continue with defining the configurations to push to the satellites or, if you have already created the satellite configurations, save the portal configuration.
    Click
    OK
    to save the portal configuration or continue to Define the Satellite Configurations.

Related Documentation