We have a requirement where some of the users need to access the GP behind the Sophos.
Users from the branch office need to access GP behind Sophos, where Sophos is connected with Palo Alto using an IPsec tunnel.
The users behind Sophos need to connect with the GP of the HQ PA firewall. Is it possible?
Not that I'm aware of.
Yes it is, there are multiple scenarios. If you can set GP up on a loopback interface on a private IP, this should be quite easy. If users need to connect to the same IP/interface the Sophos IPsec tunnel is connected to, this may get tricky: the remote end (Sophos) will need to selectively route internal connections to the public PA IP into the tunnel (without routing its own outbound sessions into the tunnel, as that will break the tunnel). If this option is viable, I would probably go with an additional gateway on a loopback with a private IP and add it to the existing portal as an additional GW.