PaloAlto VPN Primer

I am building this to place all the resources in one place that you’ll need to build out PA AnyConnect  in your PA Firewall.

First, kudos to PaloAlto, you ca do GlobalProtect VPN without a license  as long as you do not want the host intrusion (HIP).

These links provide the basics, I’ll add in any missing parts / fill in the blanks below.

Guide to Building GlobalProtect

Certificate Configuration on PA

Generate a a Self-Signed Cert for Testing

First caveat I am running into with this, is attempting to configure Global Protect on VM Series Firewall in AWS. I am thinking because all the interfaces are DHCP, that I may have to do some funkiness like terminating Global Protect on loopback and creating a NAT policy. 

An example  I am trying is here

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s