Configuring the ssl vpn global protect, Configuring the security zone – HID Palo Alto Networks and ActivID AAA User Manual


HID Global and Palo Alto Networks Integration | Integration Handbook

External Release | © 2014 HID Global Corporation/ASSA ABLOY AB. All rights reserved.


7. If only certain user groups are authorized, specify the authorized groups in the “allow list” and remove “all”, which is set by default.

Important: When you specify a specific group, you must use a specific RADIUS dictionary on the AAA Server and also create an authorization profile. For more information on this topic, refer to the guide named 4TRESS_AAA_AdminGuide.pdf, specifically the section called Create a New RADIUS Authorization Profile. Also refer to the following vendor-specific requirements: https://live.paloaltonetworks.com/docs/DOC-3189

2.3 Configuring the SSL VPN Global Protect

You must configure the SSL connection and related attributes in order to use the GlobalProtect functionality:

Portal - Palo Alto Networks firewall that provides centralized management for the GlobalProtect system.

Gateways - Palo Alto Networks firewalls that provide security enforcement for traffic from GlobalProtect
agents.

The following sections describe the steps for the attributes that must be configured:

2.3.1 Configuring the Security zone

A security zone identifies one or more source or destination interfaces on the firewall. When you define a security policy rule, you must specify the source and destination security zones of the traffic.

In our example, we have created a “layer 3” zone named “VPN SSL” in order to identify traffic coming from VPN SSL users.

1. To create this zone, click the Network tab.

2. From the left pane, click Zones.
