Configure the Portal
- Add the portal.
- Selectand clickNetworkGlobalProtectPortalsAdd.
- On theGeneraltab, enter aNamefor the portal. The portal name should not contain any spaces.
- (Optional) Select the virtual system to which this portal belongs from theLocationfield.
- Specify the network information to enable satellites to connect to the portal.
- Select theInterfacethat satellites will use for ingress access to the portal.
- Specify theIP Address TypeandIP addressfor satellite access to the portal:
- The IP address type can beIPv4(for IPv4 traffic only),IPv6(for IPv6 traffic only, orIPv4 and IPv6. UseIPv4 and IPv6if your network supports dual stack configurations, where IPv4 and IPv6 run at the same time.
- The IP address must be compatible with the IP address type. For example,172.16.1/0for IPv4 addresses or21DA:D3:0:2F3Bfor IPv6 addresses. For dual stack configurations, enter both an IPv4 and IPv6 address.
- ClickOKto save changes.
- Specify an SSL/TLS Service profile to use to enable the satellite to establish an SSL/TLS connection to the portal.
- On the GlobalProtect Portal Configuration dialog, selectAuthentication.
- Select theSSL/TLS Service Profile.
- Specify an authentication profile and optional certificate profile for authenticating satellites.If the portal can’t validate the serial numbers of connecting satellites, it will fall back to the authentication profile. Therefore, before you can save the portal configuration (by clickingOK), you must Configure an authentication profile.Adda Client Authentication, and then enter aNameto identify the configuration, selectOS:Satelliteto apply the configuration to all satellites, and specify theAuthentication Profileto use to authenticate satellite devices. You can also specify aCertificate Profilefor the portal to use to authenticate satellite devices.
- Continue with defining the configurations to push to the satellites or, if you have already created the satellite configurations, save the portal configuration.
Configure GlobalProtect Gateways for LSVPN
Configure GlobalProtect Gateways for LSVPN Because the GlobalProtect configuration that the portal delivers to the satellites includes the list of gateways the satellite can connect ...
Configure the Portal to Authenticate Satellites
Configure the Portal to Authenticate Satellites In order to register with the LSVPN, each satellite must establish an SSL/TLS connection with the portal. After establishing ...
GlobalProtect Portal Satellite Configuration Tab
GlobalProtect Portal Satellite Configuration Tab A satellite is a Palo Alto Networks® firewall—typically at a branch office—that acts as a GlobalProtect agent to enable the ...
Basic LSVPN Configuration with Static Routing
Basic LSVPN Configuration with Static Routing This quick config shows the fastest way to get up and running with LSVPN. In this example, a single ...
Define the Satellite Configurations
Define the Satellite Configurations When a GlobalProtect satellite connects and successfully authenticates to the GlobalProtect portal, the portal delivers a satellite configuration, which specifies what ...
GlobalProtect Portals Authentication Configuration Tab
GlobalProtect Portals Authentication Configuration Tab Select Network GlobalProtect Portals Authentication to configure several different types of GlobalProtect portal settings: An SSL/TLS service profile that the ...
GlobalProtect Portal for LSVPN Prerequisite Tasks
GlobalProtect Portal for LSVPN Prerequisite Tasks Before configuring the GlobalProtect portal, you must complete the following tasks: Create Interfaces and Zones for the LSVPN on ...
Advanced LSVPN Configuration with iBGP
Advanced LSVPN Configuration with iBGP This use case illustrates how GlobalProtect LSVPN securely connects distributed office locations with primary and disaster recovery data centers that ...
GlobalProtect Gateway Satellite Configuration Tab
GlobalProtect Gateway Satellite Configuration Tab A satellite is a Palo Alto Networks firewall—typically at a branch office—that acts as a GlobalProtect agent to enable it ...