Situation: The company configures GloablProtect VPN on Paloalto Firewall for home users accessing Office network. They also have site-to site VPN to AWS. The office computers can access the AWS but Home users. This video shows how to configure Paloalto Firewall to allow GloablProtect VPN accessing AWS.
Step 1: Add IPSec Tunnel IP addresses to GlableProtect Gateway
1. Login Paloalto Firewall.
2. Go to Network>GloableProtect>Gateways.
3. Click on the GloablProtect Gateway.
4. Go to Agent>Client Settings.
5. Click on configure name, end-users in our example.
6. In Configure, click Split Tunnel tab.
7. Click Add.
8. Add the AWS Tunnel IP address subnet.
9. Click Oks to save the settings.
Step 2: Modify Security Policy
1.Go to Policies>Security.
2.Click the Security policy you want to modify, AWS Traffic-3-4 in our example.
3. In Security Policy Rule, click on Source tab.
4. Click Add to add source zoon, for example GlobaleProtect.
5. Click Destination tab.
6. Click Add to add the GloableProtect zoon.
Step 3: Commit.
Click Commit to save the configuration.
Please view this step by step video: