Configure the Portal
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Configure the Portal
After you have completed the GlobalProtect
Portal for LSVPN Prerequisite Tasks, configure the GlobalProtect portal
as follows:
- Add the portal.
- Select NetworkGlobalProtectPortals and click Add.On the General tab, enter a Name for the portal. The portal name should not contain any spaces.(Optional) Select the virtual system to which this portal belongs from the Location field.Specify the network information to enable satellites to connect to the portal.If you haven’t yet created the network interface for the portal, see Create Interfaces and Zones for the LSVPN for instructions.
- Select the Interface that satellites will use for ingress access to the portal.Specify the IP Address Type and IP address for satellite access to the portal:
- The IP address type can be IPv4 (for IPv4 traffic only), IPv6 (for IPv6 traffic only, or IPv4 and IPv6. Use IPv4 and IPv6 if your network supports dual stack configurations, where IPv4 and IPv6 run at the same time.
- The IP address must be compatible with the IP address type. For example, 172.16.1/0 for IPv4 addresses or 21DA:D3:0:2F3B for IPv6 addresses. For dual stack configurations, enter both an IPv4 and IPv6 address.
Click OK to save changes.Specify an SSL/TLS Service profile to use to enable the satellite to establish an SSL/TLS connection to the portal.If you haven’t yet created an SSL/TLS service profile for the portal and issued gateway certificates, see Deploy Server Certificates to the GlobalProtect LSVPN Components.- On the GlobalProtect Portal Configuration dialog, select Authentication.Select the SSL/TLS Service Profile.Specify an authentication profile and optional certificate profile for authenticating satellites.The first time the satellite connects to the portal it must authenticate using local database authentication (on subsequent sessions it uses a satellite cookie issued by the portal). Therefore, before you can save the portal configuration (by clicking OK), you must Configure an authentication profile.Add a Client Authentication, and then enter a Name to identify the configuration, select OS: Satellite to apply the configuration to all satellites, and specify the Authentication Profile to use to authenticate satellite devices. You can also specify a Certificate Profile for the portal to use to authenticate satellite devices.Continue with defining the configurations to push to the satellites or, if you have already created the satellite configurations, save the portal configuration.Click OK to save the portal configuration or continue to Define the Satellite Configurations.