During the COVID-19 time, most of the workers have to work remotely (when they can).
GlobalProtect is the name of the remote users VPN solution included in PAN-OS. It tooks less than 20 min to set up a basic VPN to allow users to work from home.
I am just going to show how to set up a deployment with a free domain name and a legitimate SSL certificate.
1 - the domain name
Register a .tk domain on freenom.com
It is free, you only need to renew the registration every year.
Once you have your domain, you can create an A record to point to your firewall's public IP address.
2- the SSL certificate
To get a free certificate trusted by most systems, we will take advantage of the letsencrypt project.
You need to run certbot in manual mode on a machine with Internet access.
You will use the DNS challenge, once you have the challenge, create the record on freenom accordingly.
Once it is done, you will get the certificate on the machine.
You will need to upload the private key and the associated certificate to the firewall and configure the GlobalProtect to use this certificate.
No comments:
Post a Comment