Configure the Portal
After you have completed the GlobalProtect Portal for LSVPN Prerequisite Tasks, configure the GlobalProtect portal as follows:
- Add the portal.
- Select NetworkGlobalProtectPortals and click Add.
- On the General tab, enter a Name for the portal. The portal name should not contain any spaces.
- (Optional) Select the virtual system to which this portal belongs from the Location field.
- Specify the network information to enable satellites
to connect to the portal.If you haven’t yet created the network interface for the portal, see Create Interfaces and Zones for the LSVPN for instructions.
- Select the Interface that satellites will use for ingress access to the portal.
- Specify the IP Address Type and IP
address for satellite access to the portal:
- The IP address type can be IPv4 (for IPv4 traffic only), IPv6 (for IPv6 traffic only, or IPv4 and IPv6. Use IPv4 and IPv6 if your network supports dual stack configurations, where IPv4 and IPv6 run at the same time.
- The IP address must be compatible with the IP address type. For example, 172.16.1/0 for IPv4 addresses or 21DA:D3:0:2F3B for IPv6 addresses. For dual stack configurations, enter both an IPv4 and IPv6 address.
- Click OK to save changes.
- Specify an SSL/TLS Service profile to use to enable the
satellite to establish an SSL/TLS connection to the portal.If you haven’t yet created an SSL/TLS service profile for the portal and issued gateway certificates, see Deploy Server Certificates to the GlobalProtect LSVPN Components.
- On the GlobalProtect Portal Configuration dialog, select Authentication.
- Select the SSL/TLS Service Profile.
- Specify an authentication profile and optional certificate
profile for authenticating satellites.If the portal can’t validate the serial numbers of connecting satellites, it will fall back to the authentication profile. Therefore, before you can save the portal configuration (by clicking OK), you must Configure an authentication profile.Add a Client Authentication, and then enter a Name to identify the configuration, select OS: Satellite to apply the configuration to all satellites, and specify the Authentication Profile to use to authenticate satellite devices. You can also specify a Certificate Profile for the portal to use to authenticate satellite devices.
- Continue with defining the configurations to push to
the satellites or, if you have already created the satellite configurations,
save the portal configuration.Click OK to save the portal configuration or continue to Define the Satellite Configurations.
Configure GlobalProtect Gateways for LSVPN
Configure GlobalProtect Gateways for LSVPN Because the GlobalProtect configuration that the portal delivers to the satellites includes the list of gateways the satellite can connect ...
Configure the Portal to Authenticate Satellites
Configure the Portal to Authenticate Satellites In order to register with the LSVPN, each satellite must establish an SSL/TLS connection with the portal. After establishing ...
GlobalProtect Portal Satellite Configuration Tab
GlobalProtect Portal Satellite Configuration Tab A satellite is a Palo Alto Networks® firewall—typically at a branch office—that acts as a GlobalProtect agent to enable the ...
Basic LSVPN Configuration with Static Routing
Basic LSVPN Configuration with Static Routing This quick config shows the fastest way to get up and running with LSVPN. In this example, a single ...
Define the Satellite Configurations
Define the Satellite Configurations When a GlobalProtect satellite connects and successfully authenticates to the GlobalProtect portal, the portal delivers a satellite configuration, which specifies what ...
GlobalProtect Portals Authentication Configuration Tab
GlobalProtect Portals Authentication Configuration Tab Select Network GlobalProtect Portals Authentication to configure several different types of GlobalProtect portal settings: An SSL/TLS service profile that the ...
GlobalProtect Portal for LSVPN Prerequisite Tasks
GlobalProtect Portal for LSVPN Prerequisite Tasks Before configuring the GlobalProtect portal, you must complete the following tasks: Create Interfaces and Zones for the LSVPN on ...
Advanced LSVPN Configuration with iBGP
Advanced LSVPN Configuration with iBGP This use case illustrates how GlobalProtect LSVPN securely connects distributed office locations with primary and disaster recovery data centers that ...
GlobalProtect Gateway Satellite Configuration Tab
GlobalProtect Gateway Satellite Configuration Tab A satellite is a Palo Alto Networks firewall—typically at a branch office—that acts as a GlobalProtect agent to enable it ...