Difference between revisions of "GlobalProtect (Palo Alto)"

From wikieduonline
Jump to navigation Jump to search
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Palo Alto]] GlobalProtect is an always-on [[SSL]]/[[IPsec]] [[VPN]] solution with [[MFA]] authentication included on [[PAN-OS]] firewall devices.  
 
[[Palo Alto]] GlobalProtect is an always-on [[SSL]]/[[IPsec]] [[VPN]] solution with [[MFA]] authentication included on [[PAN-OS]] firewall devices.  
[[Port]] [[UDP]] 4501 is used by IPsec for the data communication between the [[GlobalProtect]] client and the firewall
+
[[Port]] [[UDP]] [[4501]] is used by [[IPsec]] for the data communication between the [[GlobalProtect]] client and the firewall
  
  
Line 11: Line 11:
  
 
== Versions ==
 
== Versions ==
* 9.1  
+
10.1
** GlobalProtect Activity charts and graphs on the [[ACC]]
+
* [[Globalprotect]]: ability to enforce a shorter [[inactivity]] logout period.
** [[Log Forwarding]] of [[GlobalProtect logs]]
+
 
* 9.0
+
9.1  
 +
* GlobalProtect Activity charts and graphs on the [[ACC]]
 +
* [[Log Forwarding]] of [[GlobalProtect logs]]
 +
 
 +
9.0
 +
 
 
See also: [[PAN-OS Releases]]
 
See also: [[PAN-OS Releases]]
  
 
== Features ==
 
== Features ==
* [[multi-factor authentication]] (MFA) methods, including [[one-time password]] tokens, certificates, and smart cards, through [[RADIUS]] and [[SAML]] integration
+
* [[Multi-factor authentication]] (MFA) methods, including [[one-time password]] tokens, certificates, and smart cards, through [[RADIUS]] and [[SAML]] integration
 
* [[Traffic Inspection]]
 
* [[Traffic Inspection]]
 
** Identifies application traffic, regardless of port number
 
** Identifies application traffic, regardless of port number
 
** [[SSL]] Decryption
 
** [[SSL]] Decryption
 
* [[URL filtering]] with [[PAN-DB]]
 
* [[URL filtering]] with [[PAN-DB]]
 +
* [[GlobalProtect]] ([[PAN-OS 10.0]]) blocks compromised devices using unique attributes, such as the hardware serial number of the device and unique host information.
  
 
== Related commands ==
 
== Related commands ==
* <code>[[show global-protect-gateway]] current-user</code>
+
{{GlobalProtect commands}}
* <code>[[show global-protect-gateway previous-user]]</code>
 
** <code>[[show global-protect-gateway previous-user user]] USERNAME</code>
 
* <code>show global-protect-gateway flow</code><ref>https://weberblog.net/cli-commands-for-troubleshooting-palo-alto-firewalls/</ref>
 
::current-satellite    Show current GlobalProtect gateway satellites
 
:: current-user        Show current GlobalProtect gateway users
 
:: flow                Show dataplane GlobalProtect gateway tunnel information
 
:: flow-site-to-site    Show dataplane GlobalProtect site-to-site gateway tunnel information
 
:: gateway              Show list of GlobalProtect gateway configuration
 
:: previous-satellite  Show previous GlobalProtect gateway satellites
 
:: previous-user        Show previous user session for GlobalProtect gateway users
 
* <code>[[show  global-protect-gateway statistics]]</code>
 
* <code>[[show log system]] | [[match]] [[globalp]]</code>
 
  
 
== Activities ==
 
== Activities ==
 
* Read GlobalProtect Administration Guide: https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/globalprotect/9-1/globalprotect-admin/globalprotect-admin.pdf
 
* Read GlobalProtect Administration Guide: https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/globalprotect/9-1/globalprotect-admin/globalprotect-admin.pdf
 
* Read https://ninjamie.fandom.com/wiki/GlobalProtect
 
* Read https://ninjamie.fandom.com/wiki/GlobalProtect
 +
* Read GlobalProtect Resource List on Configuring and Troubleshooting https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClfXCAS
  
 
== Related terms ==
 
== Related terms ==
Line 54: Line 49:
 
* {{firewalls}}
 
* {{firewalls}}
  
 
+
[[Category:GlobalProtect]]
 
[[Category:Firewalls]]
 
[[Category:Firewalls]]

Latest revision as of 08:18, 26 November 2021

Palo Alto GlobalProtect is an always-on SSL/IPsec VPN solution with MFA authentication included on PAN-OS firewall devices. Port UDP 4501 is used by IPsec for the data communication between the GlobalProtect client and the firewall


  • Client supported platforms: iOS, Android, Windows and macOS


Versions[edit]

10.1

9.1

9.0

See also: PAN-OS Releases

Features[edit]

Related commands[edit]

current-satellite Show current GlobalProtect gateway satellites
current-user Show current GlobalProtect gateway users
flow Show dataplane GlobalProtect gateway tunnel information
flow-site-to-site Show dataplane GlobalProtect site-to-site gateway tunnel information
gateway Show list of GlobalProtect gateway configuration
previous-satellite Show previous GlobalProtect gateway satellites
previous-user Show previous user session for GlobalProtect gateway users

Activities[edit]

Related terms[edit]

  • HIP. If the Host Information Profile (HIP) feature is enabled, the gateway generates a HIP report from the raw host data that the endpoints submit, which it can use for policy enforcement.
  • Prisma Cloud

See also[edit]

  • https://weberblog.net/cli-commands-for-troubleshooting-palo-alto-firewalls/
  • Advertising: