FREE Palo Alto Cheat Sheet in different formats and further FREE resources: netsums.com/resources

You did an excellent job esplaining this topic. Thank you!

complete video...good work. Thank you...

Excellent! This video will help a lot of students. Thank you!!!!!

You did an excellent job here! Thank you very much mate!

Great article!

That's a perfect video! I really hope I can do it so well like you.

very good video

very nice explanation

Hi Bro, thanks and congratulations! I'm very appreciated your tutorial in this video, you winning a subscriber ! Go ahead and publish more videos, congratulations again.

Cool Video thanks

Thanks for your valuable session, appreciate your efforts to spread the knowledge for real knowledge seekers. Sir if you can create a new video for PaloAlto Integrating with Windows Radius and Google Authenticator OTP. God bless you.

Great work !!

Great video, can you do a video on the basic initial setup of a Palo, internet,dhcp,lan etc?

Awesome video, thank you so much!

congratulations!

Good stuff :)

over all is good but too fast on configuration part please slow down a little bit so that can be focus on how it be done

Brilliant video. thanks.

great tutorial! thanks!

Thank you for the great video, it helps me to set up quick remote VPN, one thing need to know if you can explain the GP EXTERNAL GATEWAY PRIORITY BY SOURCE LOCATION that will be great

In the Global Protect Gateway Configuration - agent - you skip over the part about the tunnel interface. We never go into creating on the tunnel.

Hello, I need create two pools with different subjets. It’s possible ? How to do it? On asa it’s possible

I have a question: Does this apply to macOS for transferring the certificate file? Another question: Do we need to configure something when using TLS 1.2? I am having issues connecting to GlobalProtect with the error: "The network connection is unreachable or the gateway is unreachable. Thanks everyone for your next help.

perfect!!

thank you for this video -- if there are multiple entries under Global Protect Portal how are the profiles selected ? first in queue or other ?

Thank you for the great explanation. However, I'm encountering an issue. While all the settings appear to be correct and functional, I've noticed that when I attempt to work from home using my laptop, I'm not prompted to enter the MFA code. It's possible that I may have done so once, perhaps around 6 months ago. As a result, I can access my company's IP address without the need for MFA. Occasionally, I do receive a prompt asking for the MFA code, but if I cancel it, I'm still able to continue working without any interruption. Could you please advise on how I can adjust the settings to ensure that users are always required to enter the MFA code? Otherwise, users should not be able to access the trusted IP range.

A+

Hey this is amazing step by step video. Do you have a document that we can follow.

i don't understand where/how you configure the Google authentication. can you make a quick video for that as well?

Hai, sorry im confuse to implement it. focused on what IP address will implement on GP gateway and GP Portal? its use an IP public or use IP at feet on NAT (reference on your figure)

Hello, great video, in the 27:29 you start to show how configure the side of client, I have a VM in azure, that VM have the Windows 10 Multisession, where some users connect the same time, I installed the GlobalProtect to they can connect, but only the first user enter in the machine can connect using GlobalProtect, another after cant connect and the first user lost the connection. So what the better way could I resolve this? remove global protect of the machine and configure a gateway or a tunnel vpn its a possible solution? Thx for you time.

Hello, Thank you for this info. It was a great help. I come from the Cisco ASA Firewalls, and we just moved to the PA 1410s. Very different! I do have one questions regarding VPNs. With the ASAs I was able to setup groups for all of our Vendors and assign them IPs and have them access only the networks they needed. We use RADIUS for all connections. I have the VPN setup like your video and its working but I'm having an issue setting up vendors. I don't know what's the best route to go. Can you point me in the right directions? A GP Portal for each vendor? A GP Gateway for each? We do not have any extra licenses for GP. Basic GP License. Thank You in advance, Mark

Great video, but did the DNS get covered? I might have missed it in the gateway and portal config, but I couldn't find it.

Thanks for the informative video. What if I don't want to use Radius?

I have a question. I use GlobalProtect for my remote work which provided by our company, can I use this while I'm traveling internationally?

Great video, I have a question though. I have ipsec tunnels setup to some cloud services (AWS and OCI for example) When a user connects to the corp network using Global protect they can access the AWS servers as if they are in the office. However the OCI servers are only accessible when physically in the office, through global protect they do not work. Any ideas what i am missing.

hello Could you please make a video on setting up and testing Google authentication with two factors? Please wait a moment.

Amazing

Brother you are great. Can you release the video of Global protect with 2FA using TOTP using Microsoft Authenticator

Thank you for this video, it is so helpful! Is it possible to do a similar configuration but without the RADIUS server?

Can this be done even if the PA-VM w/o licensed(expired trial version). I want to test it in virtual lab environment. Thank u

I'm connected to the GlobalProtect VPN, but it is killing my internet speeds. I've reebooted my router as well as updating the firmware on it. Are there any fixes?

I don't understand why you need the rules from untrust to untrust zone. The built-in intrazone rule takes care of all of that. These specific rules seem to be redundant.

Thanks for the great video, how do we restrict the VPN to domain-connected devices? What are the certs which we want to import to the firewall?

Could you please help me? I have EC2 windows server and i installed global protect on it and connect to server "palo alto FW" When i login to windows via remote desktop the vpn connected successfully when i close the session of RDP the VPN is disconnected

Hello sir, i want to ask a quick question is it possible using Global protect and work outside the country where you are supposed to work from? like i am working from home but in the one country and i want to go to another country to work from there without being noticed by my company is that possible? Thank you so much.

At 29:32, This is where we're stuck. I'm trying to deploy the Client and certs through Intune but Getting the cert to the User Store keeps failing. Do you know any other methods?

Would the same setting be applicable with third-party vpn client app or only for GP client app?

Is it possible to reject or deny connection if hip profile is not met ? I would like to refuse or disconnect gp if they end user doesnt pass the hip object assoicated to HIP profile.

Is there a link to download the file? without logging in please

Hi, you will not be needing the rule you created allowing GP-client to communicate with Portal. by default untrust to untrust is allowed intrazone rule" that is how the client is able to connect to the portal. Also, you can log your rules all you need to is click on the green gear it allows for you to override the existing implicit rules..

Hi, i don't understand where/how you configure the Google authentication.

Urgent!! when we connect to "Global protect VPN" by default its selecting Local user(Logged in user) in General -> Account -> User: its not prompting for user id and password. how can we fix this. does Admin need to configure in their server? Please suggest.

In this tutorial you're going to learn how to configure remote access VPN on the Palo Alto Firewall. Palo Alto has its own VPN client (or app), called GlobalProtect.

Moore Mark Thompson Jennifer Johnson Kenneth