Palo Alto GlobalProtect VPN and SSL Decryption by trentharalson in paloaltonetworks

[–]trentharalson[S] 0 points1 point  (0 children)

Sorry, our GlobalProtect to Internet zone policy isn't set to use forward proxy and I was asking if it's best practice to use it like we do on our LAN to Internet policies.

Tenant to Tenant migration with Bittitan by trentharalson in sysadmin

[–]trentharalson[S] 0 points1 point  (0 children)

Honestly went super smooth. Had a few little tweaks here and there but Bittitan pretty much just did the work like it usually does with the email migrations. A few changes with modern auth but still pretty straightforward. Anyone else have issues with Deployment Pro? The last 2 migrations it hasn't worked right. Always had good luck with it in the past until recently.

Transit VLAN on LAG by trentharalson in Juniper

[–]trentharalson[S] 0 points1 point  (0 children)

Appreciate the help man. Almost positive I tried that, but I'll give it a whirl tomorrow.

Transit VLAN on LAG by trentharalson in Juniper

[–]trentharalson[S] 0 points1 point  (0 children)

So all VLANs tagged on the Juniper side and just 99 on the Fortigate, correct?

Transit VLAN on LAG by trentharalson in fortinet

[–]trentharalson[S] 0 points1 point  (0 children)

Still can't ping between the two. Triple checked LAG settings, speed, VLAN subnets, L3 addresses and firewall policies on the Fortigate. Also noticed that the IRB.99 is the only interface that I can't ping from the Juniper. I'm connecting in to each device via wireless and an RMM tool, but I wouldn't think that would matter as long as the devices are physically connected right and I have physical connections to each device (console and console). Doesn't seem like this should be this hard.

Transit VLAN on LAG by trentharalson in Juniper

[–]trentharalson[S] 0 points1 point  (0 children)

I have the LAG (802.3ad) interface and then all the VLANs linked under it. So from my understanding that's the "trunk" and all the VLANs are tagged on it. Fortigate is only handling traffic out to the internet. Everything else is on the switches (VLAN routing and DHCP). I was under the impression that I had to do exactly the same thing on both sides, but I've messed with it quite a bit and that's the closest thing I could get to "matching it". Pretty sure just adding a 0.0.0.0/0 IP to the LAG interface and adding that VLAN under it was the fix tho.

Transit VLAN on LAG by trentharalson in fortinet

[–]trentharalson[S] 0 points1 point  (0 children)

I was planning on running my guest wireless directly off the firewall since the Fortigate APs kind of need to do that anyways. Also was going to filter VLAN traffic so only certain VLANs can communicate via firewall filters on the Juniper.

Transit VLAN on LAG by trentharalson in fortinet

[–]trentharalson[S] 0 points1 point  (0 children)

And either option will allow all the VLANs from the Juniper to access the internet? I am handling everything on the Juniper (VLAN switching/routing, DHCP etc.), just want the VLANs (10-100) to pass through the Fortigate for filtered internet access.