Global protect Always On - External connections

To test this feature, visit your live site.

Hello community and master reaper

I hope you are well.

I have had to configure Global Protect on several occasions but I have a question that I am being asked in this case:

Is it possible in S.O windows to use the Always On, filtering that only connects to GP when it detects the connection in an External way, home-office, cafe, client offices,etc, but when it is in the HQ, it does not connect to GP.

Is it feasible and what would be the important recommendations to consider to implement it?

Thanks

I remain attentive

Best regards

3 comments

Comments (3)

Reaper

Jan 09

Not sure what you mean by S.O windows.

You can configure "internal host detection" in the portal configuration

You need to have an IP address that, when the user is in the corporate network, resolved (in-addr.arpa) to a specific host name e.g. when you lookup 10.0.0.53 it resolves to server-x.company.local. When that feature is configured the GlobalProtect agent will not connect when it is inside the Corp network but will be always-on if it is anywhere else

MetgatzGR

Jan 11

Replying to

Thanks master@Reaper

The best method for this is use pre logon always on that right ? for this objetive and situation ?

Reaper

Jan 11

Replying to

Pre-logon is not required, that simply connects the VPN before the user is logged on

For what you describe alwasy-on + internal host detection would achieve the objective

Pre-logon is a nice bonus for "zero trust" compliance

Forum: Forum