GlobalProtect client cant access internal resources

Jee.Khai — Fri, 19 Aug 2022 08:18:03 GMT

PAN OS 8.1.22 / GlobalProtect Agent 6.0.3

(1) GlobalProtect has no issue connecting to portal/gateway (Dell Latitude, Windows 11)

(2) Gateway Access Route (split tunnel)(No direct access to local network is UNTICK) has access to 0.0.0.0/0

(3) VPN users authenticated are assign 10.0.1.1-40 address

(4) DNS assignment is 192.168.10.10/24 (dc-01.internal.site) - once connected via GP

(5) Internal servers/pcs are manually assign 192.168.10.0/24 address

(6) Internal servers includes webserver (192.168.10.60), email (192.168.10.90), file transfer (192.168.10.91), DC also DNS (192.168.10.10) and other workstation (PCs)

(7) These servers could be ping and reach via their dns names or IP addresses when GP is connected

(8) There is no extra configuration to the 'hosts' file from the GP Client PCs

CHANGES

(1) I configured and added a VM Hypervisor 6 on a Dell PowerEdge R230

(2) Management of Virtual Host is via GBport 1 with IP 192.168.1.180 (connected to internet)

(3) GBPort 2 is connected to 'Internal Network' (as described above to the network 192.168.10.0/24)

- GBPort 2 is passthru to the Internal Network to be used by virtual machines

(4) I added 2 virtual machines ZIMBRA (192.168.10.81) & OWNCLOUD (192.168.10.80)

- the machines has 2 network adapters assign (internet and internal)

(5) From these 2 machines i can access the internet and INTERNAL network, no problem

(6) I have add the DNS of these 2 machines to the DNS server

(7) From a workstation (within the INTERNAL network), i can ping both Zimbra/Owncloud via their IP and Domain names

- i can also access the webpage of Zimbra and Owncloud

- can send and receive emails

- can download and upload from/to Owncloud server

(8) Firewall policy had been amended to include IP address of Zimbra and Owncloud

PROBLEM

- however, both Zimbra and Owncloud servers could not be access from GlobalProtect clients (as mentioned above, other resources could be reach)

- both servers could not be ping or reached

- nslookup showed dc-01.internal.site and 192.168.10.10 (can be reached)

Any help will be greatly apprciated

Re: GlobalProtect client cant access internal resources

Jee.Khai — Fri, 19 Aug 2022 08:31:16 GMT

zimbra

- /etc/hostname = zimbra.internal.site

- /etc/hosts = 192.168.10.81 zimbra.internal.site

- /runm/systemd/resolve/resolv.conf

(nameserver 192.168.10.10 / nameserver 192.168.1.1 / search localdomain)

owncloud

- /etc/hostname = owncloud.internal.site

- /etc/hosts = 192.168.10.80 owncloud.internal.site

- /run/systemd/resolve/resolv.conf

(nameserver 192.168.10.10 / nameserver 192.168.1.1)

topic GlobalProtect client cant access internal resources in GlobalProtect Discussions

GlobalProtect client cant access internal resources

Re: GlobalProtect client cant access internal resources