We use GlobalProtect for Windows x64 v6.2.2 to connect our Windows 10 Enterprise clients to the Palo Alto Firewall and establish a VPN. I’m curious what other options we have available to us for connecting a VPN between our Windows 10 clients and our Palo Alto Firewall?
- Can we use Windows 10’s built-in VPN solution? If so, what would we choose when adding a VPN connection?
- VPN Provider - all I have right now is Windows (built-in). Should there be a GlobalProtect option if we have GlobalProtect for Windows installed? is Windows (built-in) the right option?
- For VPN Type, I have Automatic, PPTP, L2TP/IPSec (cert), LT2TP/IPSec (pre-shared key), SSTP, and IKEv2. Which one of these would we choose?
- Type of Sign-in Info has username & password, smart card, one-time password, and cert. What are our options here?
-
Are there other options built-into Windows 10 besides the VPN settings?
-
If we stay with our GlobalProtect app (and not the VPN settings in Windows), then do we have options to connect the VPN before we logon to Windows? Currently, we’ve always connected the VPN after we login to Windows. Is there still a “before logon” option?
- Is ‘Connect Before Logon’ still available? It seems to be for us but doesn’t work. It just hangs while it attempts to log the user in.
- Is ‘Pre-Logon’ still an option? How does that differ from ‘Connect Before Logon’?
- Can either of the above be performed on the client side without having to first make changes on the Palo Alto side? Or do we have to decide which model we are supporting in advance?