Palo Alto GlobalProtect with multiple AD groups [2024]
HTML-код
- Опубликовано: 24 июл 2024
- #paloaltofirewall #paloaltonetworks #firewall #globalprotect #vpn
In this tutorial you'll learn how to configure GlobalProtect on the Palo Alto Firewall to allow secure and scalable remote access from users in different Microsoft Active Directory groups. We will be simulating a configuration of VPN access from two different service suppliers who need to access different servers in our company.
After configuring the firewall, we will connect through GlobalProtect on a Windows client using two different credentials (from service provider A and B) and test the VPN connections to two linux servers inside our fictional corporate network.
If you need a step-by-step tutorial on how to configure basic GlobalProtect on your Palo Alto Firewall, take a look at this video:
• Palo Alto GlobalProtec...
Questions, suggestions, or any kind of feedback? Please don't hesitate to comment below! I will reply as soon as possible.
Timeline:
00:00 Palo Alto Globalprotect VPN Configuration with several AD Groups
01:10 Introduction - Network Diagram
01:56 Active Directory configuration
03:34 LDAP configuration on the Firewall
06:51 Group-Mapping Settings
13:42 Network Interfaces
14:18 Security Policies
18:45 Certificates
19:14 GlobalProtect Portal
22:33 GlobalProtect Gateway
27:19 Tests with GlobalProtect
31:47 Group Include List Наука
FREE Palo Alto Cheat Sheet in different formats and further FREE resources: netsums.com/resources
These videos are amazing, thank you
Cool, I'm glad you like them. :)
excellent video
Thank you very much for your comment!
Brilliant
Thank you for the nice comment. :)
I have a requirement from a customer to pull user groups via radius to use in GP client config to assign different IP pools to each. im having issues pulling the user groups. i have configured the specific VSA's on the radius as per palo KB's but cannot view them in the auth profile or add them manually in the auth profile or client config. Are you able to point me in the right direction?
I also needed to do some research, but if you followed the Palo Alto KB for installing the Radius VSA, I don't really know what you're missing, sorry. Let me know later if you found a solution.