Using Cloudflare with Global Protect (Palo Alto)

Our environment is using Global Protect; Mainly for our IT guys. The service uses 443 and 4443 to connect from a client. We tested the proxy with the VPN and successfully authenticated but ran into a certificate error.

Is it possible to use cloudflare as a proxy for an SSL-VPN or are we just wasting time?

Thanks,
Connor

1 Like

Testing the exact same configuration. Trying to figure out if the “SSL/TLS” encryption mode has any barring on DNS proxies. The cert bound to our vpn portal is from cloudflare when proxying is enabled and the firewall needs the key to bind the ssl profile to the vpn portal. If this does impact dns proxying, then im thinking changing the encryption mode to “off” would no longer bind the URL to a cloudflare cert.

So I got some assistance from cloudflare support but their suggestion didnt really get me to where I wanted. Basically, they instructed me to create a page rule to disable ssl for just this one subdomain running the vpn. However, disabling ssl forces cloudflare to redirect 443 traffic to 80 instead and there doesnt seem to be a way to change that. So now the site shows the “redirected to many times” message. More information on page rules here:

https://support.cloudflare.com/hc/en-us/articles/218411427-Understanding-and-Configuring-Cloudflare-Page-Rules-Page-Rules-Tutorial-

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.