Thanks. Great video. Could you please explain how the NAT is applied by firewall and how to configure it for particularly clientless VPN. In my case the GP-clientless interface has public IP, I want it to be Natted somehow. And is there any way we can assign an IP pool similar to what we assign for client/agent-based VPN? Any help here is much appreciated.
Hi, sorry for my late reply. The firewall uses its "closest" interface to the target as the source interface (take a look at minute 16:18). So the firewall does NAT using it's own IP addresses. In your case the connection will be natted, since I suppose your application (target) is not in your outside zone. 🙂 I don't think it's possible to assign an IP pool to clientless VPN, since the firewall uses its own interfaces as source.
Hello Ricardo, congratulations for the excellent channel. Could the Captive Portal be used to authenticate and allow access from the Internet to an internal server? I tried to implement the solution in "lab" but the authentication web form is only offered to me if I try to reach the internal server directly. If I try to reach only the "public" interface of the firewall the web form does not appear..
Good video...If both clientless and client based VPN is enabled on same portal, how do we restrict clientless VPN users from accessing client based VPN?
You can restrict the user/user group in each of the connection method. For clientless, in the Application configuration you can add, for example, Active Directory Group A and in the agent configuration (client based) AD Group B.
I agree, it's not easy. But I believe it's because it has a lot of options. After a while you start understanding better why some things are like that and you start finding things easier. :-)
Dear sir, kindly make videos on how to configure and implement Palo Alto Firewall in VMWARE VMC CLOUD SDDC and AWS in details with details steps and explanations for the same and how to configure NAT and the Palo Alto Firewall Architecture inside a multi cloud environment of VMWARE and AWS together
![GlobalProtect Gateway Selection (Multi-Gateway Configuration) [2024]](http://i.ytimg.com/vi/VJiJ_x9Bfww/mqdefault.jpg)
![GlobalProtect Gateway Selection (Multi-Gateway Configuration) [2024]](/img/tr.png)
![Palo Alto GlobalProtect - Must-Know Portal Settings & Tips [2024]](http://i.ytimg.com/vi/ZyZ95QHGGWY/mqdefault.jpg)
![Palo Alto SSL Inbound Inspection with Let's Encrypt Certificate [2024]](/img/n.gif)
Great Video, Many thanks
Glad you enjoyed it! Thank you also for the comment.
Can you please provide the best approach to configure GP HIP?
Thanks. Great video. Could you please explain how the NAT is applied by firewall and how to configure it for particularly clientless VPN. In my case the GP-clientless interface has public IP, I want it to be Natted somehow. And is there any way we can assign an IP pool similar to what we assign for client/agent-based VPN? Any help here is much appreciated.
Hi, sorry for my late reply.
The firewall uses its "closest" interface to the target as the source interface (take a look at minute 16:18). So the firewall does NAT using it's own IP addresses. In your case the connection will be natted, since I suppose your application (target) is not in your outside zone. 🙂
I don't think it's possible to assign an IP pool to clientless VPN, since the firewall uses its own interfaces as source.
Hello Ricardo,
congratulations for the excellent channel.
Could the Captive Portal be used to authenticate and allow access from the Internet to an internal server? I tried to implement the solution in "lab" but the authentication web form is only offered to me if I try to reach the internal server directly. If I try to reach only the "public" interface of the firewall the web form does not appear..
please create video to configure laptop in auto pilot mode
Good video...If both clientless and client based VPN is enabled on same portal, how do we restrict clientless VPN users from accessing client based VPN?
You can restrict the user/user group in each of the connection method. For clientless, in the Application configuration you can add, for example, Active Directory Group A and in the agent configuration (client based) AD Group B.
Great video thank you, my clientless vpn shows 404 not found, after logging accessing published link. How can I over come this?
My first guess would be that your link is not correct. Do you see the correct url in the address bar?
I feel very complicated and difficult to use the PA firewall.
I agree, it's not easy. But I believe it's because it has a lot of options. After a while you start understanding better why some things are like that and you start finding things easier. :-)
Thanks a lot
please we need videos for ips vpn with different firewall /proxy id
Hi. I'm assuming you mean Site-2-Site. Take a look at this video here: th-cam.com/video/GPANrMczTz4/w-d-xo.htmlfeature=shared
Thank you, I saw that but I need to do it from two different devices/proxy id fur ex Juniper vs Palo Alto
@@netsums
Dear sir, kindly make videos on how to configure and implement Palo Alto Firewall in VMWARE VMC CLOUD SDDC and AWS in details with details steps and explanations for the same and how to configure NAT and the Palo Alto Firewall Architecture inside a multi cloud environment of VMWARE and AWS together
I'll keep it in mind for the next videos, thank you for the suggestion.
@@netsums Thanks Sir
@@netsums Also please kindly make videos on HA configuration in Palo Alto with respect to the AWS and VMWARE VMC CLOUD environment
hello
what is mean “application URL” ?
please
Hi, application URL is the URL of your target site or application. In the case of the video, I entered the URL from a web server in my lab.