https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-same-ip-pool-with-2-gateways-on-a-firewall/m-p/1244712#M7200 <P data-start="0" data-end="7">Hi all,</P> <P data-start="0" data-end="7">&nbsp;</P> <P data-start="9" data-end="216" data-is-last-node="" data-is-only-node="">I have two external gateways on the same firewall, and I’m wondering whether I can reuse the same Client IP Pool for two different tunnel interfaces (on two different external gateways) on the same firewall.</P> <P data-start="9" data-end="216" data-is-last-node="" data-is-only-node="">I have already done that via SCM and committed the changes, but I'm not sure whether it'll work or not.</P> Mon, 29 Dec 2025 03:13:21 GMT M.Pahlavanzadeh 2025-12-29T03:13:21Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-same-ip-pool-with-2-gateways-on-a-firewall/m-p/1244712#M7200 <P data-start="0" data-end="7">Hi all,</P> <P data-start="0" data-end="7">&nbsp;</P> <P data-start="9" data-end="216" data-is-last-node="" data-is-only-node="">I have two external gateways on the same firewall, and I’m wondering whether I can reuse the same Client IP Pool for two different tunnel interfaces (on two different external gateways) on the same firewall.</P> <P data-start="9" data-end="216" data-is-last-node="" data-is-only-node="">I have already done that via SCM and committed the changes, but I'm not sure whether it'll work or not.</P> Mon, 29 Dec 2025 03:13:21 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-same-ip-pool-with-2-gateways-on-a-firewall/m-p/1244712#M7200 M.Pahlavanzadeh 2025-12-29T03:13:21Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-same-ip-pool-with-2-gateways-on-a-firewall/m-p/1244894#M7203 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1023585581">@M.Pahlavanzadeh</a>,</P> <P>I've never tried to do this previously, but how would you handle any sort of routing to the connected endpoints? Just from a support aspect, this seems like it would be a pretty bad idea since you wouldn't be able to connect to these endpoints at all even if the FIB actually allowed this to work in practice. It certainly isn't something that I would recommend you knowingly and actively do.&nbsp;</P> Mon, 05 Jan 2026 21:54:52 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-same-ip-pool-with-2-gateways-on-a-firewall/m-p/1244894#M7203 BPry 2026-01-05T21:54:52Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-same-ip-pool-with-2-gateways-on-a-firewall/m-p/1244896#M7205 <P>Thanks for the response. I wanted to use the second gateway for the failover only. However, yes, it doesn't make sense as the firewall itself is going to install both subnets in its RIB and FIB with the same metric, and it's definitely a messy routing approach. I'm using a different subnet for every single gateway.<BR /><BR /></P> Mon, 05 Jan 2026 22:59:51 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-same-ip-pool-with-2-gateways-on-a-firewall/m-p/1244896#M7205 M.Pahlavanzadeh 2026-01-05T22:59:51Z