Guide to configuring GlobalProtect SSL VPN so that users on the Internet can access the internal network

By Gordon James
October 3, 2021

1. Purpose of Article

In this article, techbast explains how to configure the GlobalProtect SSL VPN feature on the Palo Alto Firewall appliance to allow users outside the system to access the internal network.

2. Diagram

Details:

  • The Palo Alto Firewall appliance connects to the Internet through port ethernet1/1 with the WAN IP address 113.161.x.x.
  • The LAN zone of the Palo Alto device is configured on port ethernet1/2 and hands out addresses from the 10.146.41.0/24 network using DHCP.
  • A computer outside the network, on the Internet, will make the GlobalProtect SSL VPN connection.

3. Scenario

We configure the GlobalProtect SSL VPN feature on the Palo Alto device. Once it is configured and the client is connected, the client receives an IP address in the 10.146.41.0/24 network and can access resources on the LAN.

4. What to do

  • Create a certificate.
  • Create an SSL/TLS service profile.
  • Create a user.
  • Create an authentication profile.
  • Create a tunnel interface.
  • Create GlobalProtect gateways.
  • Create the GlobalProtect portal.
  • Update and download the GlobalProtect software for your Palo Alto device.
  • Install GlobalProtect and establish a VPN connection.

5. Configuration

5.1 Creating a certificate

Because we are configuring GlobalProtect for external users, we need two certificates: one for the portal and one for the external gateway.

To create a certificate, go to Device > Certificate Management > Certificates.

Click Generate and create the portal certificate with the following information:

  • Certificate Name: GlobalProtect
  • Common Name: GlobalProtect
  • Select the Certificate Authority check box.
  • Click Generate.

After you create the GlobalProtect certificate, click Generate again to create the certificate for the external gateway.

Use the following information:

  • Certificate Name: external-gw-portal
  • Common Name: 113.161.x.x (this is the WAN IP address)
  • Signed By: select the GlobalProtect certificate you just created.
  • Click Generate.

Click Commit and OK to save your configuration changes.

5.2. Creating an SSL/TLS service profile

To create it, go to Device > Certificate Management > SSL/TLS Service Profile.

Click Add to create an SSL/TLS service profile with the following settings:

  • Name: external-gw-portal
  • Certificate: select the external-gw-portal certificate you just created.
  • Min Version: select TLSv1.0.
  • Max Version: select Max.
  • Click OK.

Click Commit and OK to save your configuration changes.

5.3. Creating a user

In this section, we will create a login account to connect to GlobalProtect.

To create a user, go to Device > Local User Database > Users.

Click Add and create a user with the following information:

  • Name: testvpn
  • Mode: Password
  • Password: 123456a@
  • Confirm Password: 123456a@
  • Click OK.

Click Commit and OK to save your configuration changes.

5.4. Creating an Authentication Profile

We need to create an authentication profile for local users so that the firewall can refer to it to check whether a user account is on the list of accounts allowed to use the VPN. If it is, the firewall authenticates the user with that account and password.

To create an authentication profile, go to Device > Authentication Profile, click Add and enter the following information.

Authentication tab:

  • Name: Local
  • Type: select Local Database.
  • Username Modifier: select %USERINPUT%.

Advanced tab:

  • In the Allow List table, click Add and select all.
  • Selecting all allows every user; you can instead select only the specific users you want.
  • Click OK.

Click Commit and OK to save your configuration changes.
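A quick audit of the two settings from sections 5.2 and 5.4 that most affect what the Internet-facing portal accepts: the minimum TLS version and the authentication allow list. This is an added example, not part of the original article; the XML excerpt is constructed, and its element names are an assumption modelled on a PAN-OS configuration export, so check them against your own export.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt mirroring the values chosen in sections 5.2 and 5.4.
# Element names are an assumption modelled on a PAN-OS config export.
SAMPLE_CONFIG = """
<shared>
  <ssl-tls-service-profile>
    <entry name="external-gw-portal">
      <protocol-settings>
        <min-version>tls1-0</min-version>
        <max-version>max</max-version>
      </protocol-settings>
      <certificate>external-gw-portal</certificate>
    </entry>
  </ssl-tls-service-profile>
  <authentication-profile>
    <entry name="Local">
      <method><local-database/></method>
      <allow-list><member>all</member></allow-list>
    </entry>
  </authentication-profile>
</shared>
"""

# Ordered oldest to newest; TLS 1.0 and 1.1 are deprecated by RFC 8996.
TLS_ORDER = ["tls1-0", "tls1-1", "tls1-2", "tls1-3", "max"]


def audit(config_xml, floor="tls1-2"):
    """Return (object name, finding) pairs for weak VPN-facing settings."""
    root = ET.fromstring(config_xml)
    findings = []
    for prof in root.iterfind(".//ssl-tls-service-profile/entry"):
        min_ver = prof.findtext("protocol-settings/min-version", default="unset")
        if min_ver not in TLS_ORDER:
            findings.append((prof.get("name"), f"min-version not recognised: {min_ver}"))
        elif TLS_ORDER.index(min_ver) < TLS_ORDER.index(floor):
            findings.append((prof.get("name"), f"min-version {min_ver} is below {floor}"))
    for prof in root.iterfind(".//authentication-profile/entry"):
        members = [m.text for m in prof.iterfind("allow-list/member")]
        if "all" in members:
            findings.append((prof.get("name"), "allow-list is 'all'; restrict to VPN users"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Raising Min Version to TLSv1.2 in the profile and replacing all with the testvpn user in the allow list clears both findings.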

5.5. Creating a tunnel interface

We need to create a tunnel interface for the VPN connection. Go to Network > Interfaces > Tunnel.

Click Add and create the interface with the following parameters:

  • Interface Name: tunnel.1
  • Virtual Router: VR1 (we need to add it so the user can still access the Internet while connected).
  • Security Zone: select trust player3 (we put the users connecting over the VPN in the same zone as the LAN).
  • Click OK.

Click Commit and OK to save your configuration changes.

5.6. Creating GlobalProtect gateways

To create a gateway, go to Network > GlobalProtect > Gateways.

Click Add and configure the following parameters:

General tab:

  • Name: GlobalProtect_Gateways
  • Interface: select ethernet1/1 (this is the WAN port)
  • IP Address Type: IPv4 Only
  • IPv4 Address: None

Authentication tab:

  • SSL/TLS Service Profile: select external-gw-portal.
  • In the Client Authentication table, click Add and configure the following parameters.
  • Name: ex-gp of
  • OS: Any
  • Authentication Profile: select Local.
  • Click OK to save.

Agent tab:

In the Tunnel Settings table, configure the following:

  • Tunnel Mode: select the check box.
  • Tunnel Interface: select tunnel.1
  • Select Enable IPSec.

In the client settings:

  • In the IP Pools table, enter the range of IP addresses that will be assigned when users connect to the VPN; here, enter the range 10.146.41.151-10.146.41.250.

  • In Split Tunnel, in the enable section, enter the LAN network 10.146.41.0/24 that we want users to be able to reach when connected to the VPN.
  • Click OK twice to save.

Click Commit to save the changes.
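Because the IP pool in section 5.6 is carved out of the same 10.146.41.0/24 network that the LAN serves over DHCP, it is worth checking that pool addresses cannot also be leased or statically assigned on the LAN. The check below is an added example, not part of the original article; the DHCP lease range is constructed for illustration because the article does not state it.

```python
import ipaddress

# Values from the article: LAN on ethernet1/2, GlobalProtect IP pool, split-tunnel route.
LAN = ipaddress.ip_network("10.146.41.0/24")
VPN_POOL = ("10.146.41.151", "10.146.41.250")
SPLIT_TUNNEL = ipaddress.ip_network("10.146.41.0/24")

# Constructed for illustration: the article does not state the DHCP lease range.
DHCP_SCOPE = ("10.146.41.100", "10.146.41.200")
# LAN port and server that the article pings in its final test.
STATIC_HOSTS = ["10.146.41.1", "10.146.41.65"]


def as_range(start, end):
    """Return an inclusive (first, last) pair of IPv4Address objects."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if first > last:
        raise ValueError(f"range start {first} is after end {last}")
    return first, last


def check_pool(lan, pool, split_route, dhcp_scope, static_hosts):
    """Return a list of problems with a VPN pool carved out of the LAN subnet."""
    problems = []
    p_first, p_last = as_range(*pool)
    if p_first not in lan or p_last not in lan:
        problems.append("pool is not fully inside the LAN subnet")
    if not lan.subnet_of(split_route):
        problems.append("split-tunnel route does not cover the LAN")
    d_first, d_last = as_range(*dhcp_scope)
    lo, hi = max(p_first, d_first), min(p_last, d_last)
    if lo <= hi:
        count = int(hi) - int(lo) + 1
        problems.append(f"pool overlaps DHCP scope on {lo}-{hi} ({count} addresses)")
    for host in map(ipaddress.ip_address, static_hosts):
        if p_first <= host <= p_last:
            problems.append(f"static host {host} sits inside the pool")
    return problems


if __name__ == "__main__":
    for problem in check_pool(LAN, VPN_POOL, SPLIT_TUNNEL, DHCP_SCOPE, STATIC_HOSTS):
        print(problem)
```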

5.7. Creating the GlobalProtect portal

To create the GlobalProtect portal, go to Network > GlobalProtect > Portals.

Click Add and configure the following parameters:

General tab:

  • Name: gp-portal
  • Interface: ethernet1/1
  • IP Address Type: IPv4 Only

Authentication tab:

  • SSL/TLS Service Profile: select external-gw-portal.

In the Client Authentication table, click Add and configure the following parameters:

  • Name: Local version
  • OS: Any
  • Authentication Profile: Local
  • Click OK to save.

Agent tab:

Click Add in the Agent table and configure the following parameters:

  • In the Authentication table, enter portal-agent-config in the Name field.
  • In the External table, click Add and configure the following information.
  • Name: ext-gw-1
  • Address: select IP
  • IPv4: 113.161.x.x
  • Click Add and select Any for Source Region for Priority.
  • Click OK to save.

In the Trusted Root CA section, click Add, select the GlobalProtect certificate, and select Install in Local Root Certificate Store.

Click OK to save.

Click Commit to save the changes.

5.8. Updating and downloading the GlobalProtect software for the Palo Alto device

Next, we need to download the GlobalProtect software to the Palo Alto device.

To download it, go to Device > GlobalProtect Client and click Check Now.

A list of versions appears; here I choose the latest version, 5.2.5.

After deciding which version to download, click Download in the Action column.

When the download has finished, click Activate in the Action column so that this version is the one used when users connect to the VPN.

5.9. Installing the GlobalProtect software and establishing the VPN connection

We will install the GlobalProtect software on a user's machine out on the Internet and connect back to the device over the VPN.

First, browse to https://113.161.x.x to open the GlobalProtect portal page and log in with the testvpn account we created.

After you log in, the page offers the GlobalProtect software for download; choose the package that matches the operating system in use.

After selecting and downloading it, install the file as shown in the following image.

When the installation is complete, enter the WAN IP of the Palo Alto device, 113.161.x.x, and click Connect.

A Server Certificate Error dialog now appears, asking us to install the certificate on the computer.

To install it, click Show Certificate.

Click Install Certificate.

Select Local Machine and click Next.

Click Finish to complete the installation.

After the certificate is installed, click OK in the Certificate dialog and Continue in the Server Certificate Error dialog to proceed.

Once the certificate is installed, the GlobalProtect login dialog appears; enter the testvpn account and its password and click Sign In to connect.

Wait a few seconds for the connection to come up.

We have now successfully connected the VPN to the Palo Alto device.

Thegioifirewall will ping the LAN port at IP address 10.146.41.1 and a server at IP address 10.146.41.65 to check the result.

The result is that the networks can reach each other once the VPN connection is established.
