Happy Friday all!
New Palo admin here. I need some help understanding how VPN configurations work. Currently, we have an On-demand Agent config, for any user and any OS, at connect.%companyname.com. This is working great.
We have a newish type of employee that we will be hiring here in the next six months, all of whom will be remote and traveling. This type of work is new to our company, and we need to put in place an Always ON VPN solution for these remote employees. From my initial research, it looks like we will need a VPN agent with the authentication method “User-Login (Always ON)”.
Our current client needs to function for everyone who's not one of these new employees.
My questions for the experts of /r/paloaltonetworks are as follows.
- Do I need a new hostname like remoteconnect.%companyname.com, or can I keep the existing connect.%companyname.com?
- If I need a new hostname, I’m assuming I’ll need a new public IP attached to the firewall (not a problem).
- If I can keep my hostname, do I go to the current portal config and just add the new agent with a profile containing an AD group of target users, as well as setting the “user-login”? (Assuming I’ll need to scope the On-Demand users into a group as well instead of “All”.)
Thank you everyone for your help… if you need more info from me, I’ll be happy to provide it.