Can someone explain how connecting to a GlobalProtect VPN allows me to access my company’s internal network?
I have spent a few days reading about VPNs, but I am still a bit confused about the mechanism behind this.
You may have a better result in /r/asknetsec. A VPN is a bridge that channels all traffic configured for a private network to be encrypted using a mutual encryption method to encipher the traffic between point A and point B. That traffic can traverse any network between those two points, but the encryption ensures only the two endpoints are able to see the contents. Getting much deeper would require you first understanding how network routing works, then understanding several cryptographic concepts such as symmetric and asymmetric encryption.
Woah woah woah here. We got some complex answers in this thread. Let's make it simple. You connect to a server using the client. This establishes a secure encrypted connection. It essentially takes over your network adapter, then routes all traffic to that server you just connected to.
Simple. Easy.
Think of networks like houses/buildings: your house is completely isolated from your work building. You have entryways on both, which anyone can access, but to get inside, you need access.
A VPN, effectively in non network speak, builds a big hallway, a tunnel, to your work building, allowing you access to your work building without ever leaving into the outside world. You still traverse the outside world (since that’s where the buildings/tunnels reside), but going between the two isn’t seen by the outside world…just the walls around you.
You can bring a handcart, you can scream down the hallway, you can ride a razor scooter between them (transport methods, aka the technology used to get from A to B), and you could even go through the tunnel to your company HQ and leave through their front door to access the outside world. But in that case, your exit would be subject to whatever is outside your company's front door, i.e. its security guard.
Look into adding a cert to the authentication. Sounds complicated but in the long run, it makes deployment much easier.
You'll need a PKI.
GlobalProtect consists of 3 main components:
GP Client (User)
GP Portal
GP Gateway
When you click connect after you set up your portal name vpn.x.com, your client will try to authenticate to the portal with the authentication method configured (LDAP, RADIUS, MFA, local, etc.). After you successfully authenticate to the portal, it will proceed to check the client settings configured in the GP gateway, and depending on the client settings configured in the firewall you will get static routes for the networks set up in that configuration.
Also, you could use 0.0.0.0/0 and use full tunnel. That means you would browse the internet through the GP VPN, and when you check your public IP it will show your company's IP address, instead of just getting the static routes for the corporate network.
Best regards,
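To make the split-tunnel versus full-tunnel distinction from the post above concrete, here is an added example (my own code, not from the thread and not Palo Alto's client): it models the routing table a laptop ends up with after the gateway pushes its access routes, and resolves destinations with the same rule the OS uses, longest prefix first, then lowest metric. The prefixes, interface names and metrics are constructed for the example; a real client may layer extra rules (such as blocking local LAN access) on top of this, which the example does not model.

```python
import ipaddress

# Constructed sample data (not from the original thread): prefixes a gateway
# might push as access routes in split-tunnel mode, versus the single default
# route that full-tunnel mode pushes.
SPLIT_TUNNEL_ROUTES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.50.0/24"]
FULL_TUNNEL_ROUTES = ["0.0.0.0/0"]

# Routes the laptop already had before connecting: its home LAN and the
# default route via the home router (also constructed).
LOCAL_ROUTES = ["192.168.1.0/24", "0.0.0.0/0"]


def build_routing_table(tunnel_routes, local_routes=LOCAL_ROUTES,
                        local_metric=50, tunnel_metric=10):
    """Return (network, interface, metric) entries. The physical adapter keeps
    what it had; the VPN client adds the pushed prefixes on the tunnel adapter
    with a lower (preferred) metric so they win ties against local routes."""
    table = [(ipaddress.ip_network(r), "eth0", local_metric) for r in local_routes]
    table += [(ipaddress.ip_network(r), "tun0", tunnel_metric) for r in tunnel_routes]
    return table


def select_interface(table, dst):
    """Pick the outgoing interface for dst the way the OS does: the most
    specific (longest) prefix wins; among equal prefixes the lowest metric wins.
    Returns None when no route covers the destination."""
    addr = ipaddress.ip_address(dst)
    matches = [entry for entry in table if addr in entry[0]]
    if not matches:
        return None
    _net, iface, _metric = max(matches, key=lambda e: (e[0].prefixlen, -e[2]))
    return iface


def classify(tunnel_routes, destinations):
    """Map each destination to the interface its packets would leave on,
    given the access routes the gateway pushed."""
    table = build_routing_table(tunnel_routes)
    return {dst: select_interface(table, dst) for dst in destinations}


if __name__ == "__main__":
    probes = ["10.20.30.40", "192.168.50.7", "8.8.8.8", "192.168.1.10"]
    # Split tunnel: only the pushed corporate prefixes go down tun0; public
    # internet traffic still leaves via the home router on eth0.
    print("split tunnel:", classify(SPLIT_TUNNEL_ROUTES, probes))
    # Full tunnel: 0.0.0.0/0 on tun0 beats the home default route on metric,
    # so internet traffic now exits from the company's public IP. The home
    # LAN /24 is still more specific than /0 and stays on eth0.
    print("full tunnel: ", classify(FULL_TUNNEL_ROUTES, probes))
```

The interesting line is the full-tunnel case for 8.8.8.8: both interfaces have a 0.0.0.0/0 route, and only the metric decides that the tunnel wins, which is why your public IP changes to the company's when full tunnel is configured and does not when only static routes are pushed.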
Can I use a “stealth vpn router” so my company thinks I’m working in a different location?
I see, is that server located in the company's private network? (Since the point of connecting to our GlobalProtect VPN is to access our company's internal networks on remote devices.)
I see, is that “hallway” or “tunnel” the “virtual private network” that connect you to your work building?
How do you use a full tunnel?
It might be or they might use a third party service. It is going to depend on how the network is built out.
You can have all your servers in the cloud and a bunch of VPN connections to the various offices and/or users.
A company’s “internal network” simply means a private network created for the sole use of the company that is protected from anyone outside the company gaining access.
No, it's going to be located in the DMZ. The only port that will be open is 443 (HTTPS). This is where companies are getting ransomed: they open up a jumpbox and open 3389 for RDP. Wrong way of doing it.
Yup. I used "tunnel" for a reason in that example, as it's often referred to as the VPN tunnel to the destination in the end.
Got it, thanks for the help!