enable tunnel mode and then specify the following settings:
—Choose a tunnel interface for access to this gateway.
—Specify the maximum number
of users that can simultaneously access the gateway for authentication,
HIP updates, and GlobalProtect app updates. If the maximum number
of users is reached, subsequent users are denied access with a message
that indicates the maximum number of users has been reached (range
varies by platform and is displayed when the field is empty).
—Select this option to
enable IPSec mode for endpoint traffic, making IPSec the primary
method and SSL-VPN the fallback method. The remaining options are
not available until IPSec is enabled.
GlobalProtect IPSec Crypto
a GlobalProtect IPSec Crypto profile that specifies authentication
and encryption algorithms for the VPN tunnels. The
option to enable Extended Authentication (X-Auth) support in the
GlobalProtect gateway when IPSec is enabled. With X-Auth support,
third-party IPSec VPN clients that support X-Auth (such as the IPSec VPN
client on Apple iOS and Android devices and the VPNC client on Linux)
can establish a VPN tunnel with the GlobalProtect gateway. The X-Auth
option provides remote access from the VPN client to a specific
GlobalProtect gateway. Because X-Auth access provides limited GlobalProtect
functionality, consider using the GlobalProtect App for simplified
access to the full security feature set GlobalProtect provides on
iOS and Android devices.
If the group name and group password are specified, the first
authentication phase requires both parties to use this credential
to authenticate. The second phase requires a valid username and
password, which is verified through the authentication profile configured
in the Authentication section.
If no group name and group password are defined, the first authentication
phase is based on a valid certificate presented by the third-party
VPN client. This certificate is then validated through the certificate
profile configured in the Authentication section.
By default, the user is not required to re-authenticate when the
key used to establish the IPSec tunnel expires. To require the user
to re-authenticate, clear the