Global Protect Internal Detection

M.Marzin — Mon, 30 Mar 2026 03:53:54 GMT

Hi all,

We are experiencing an intermittent connectivity issue on our Corp Wi‑Fi, and I’m trying to determine whether this is related to GlobalProtect internal network detection.

Environment

GlobalProtect Always‑On
No split tunnelling
Internal Host Detection configured using the IP address and hostname of a Domain Controller
Corp Wi‑Fi uses RADIUS authentication

We previously had two Domain Controllers available for RADIUS authentication on the Corp Wi‑Fi. Due to earlier issues, we are now operating with only one DC, which is also the DC used for GlobalProtect internal host detection.

Issue description

Several computers intermittently fail to work properly when connected to Corp Wi‑Fi:

The Wi‑Fi connection itself completes successfully
The DNS server (DC) is reachable and responds to ping
ping 8.8.8.8 works
DNS resolution works (for example, nslookup google.com)
However, ping google.com returns “General failure”
No corresponding traffic is seen on the firewall
There is no visible attempt from the endpoint to establish a GlobalProtect connection

When the issue occurs:

The GlobalProtect icon is grey and flashing
The client does not identify the network as internal
No Internet access

After some time (sometimes quickly, sometimes after a long delay), the issue resolves on its own:

GlobalProtect successfully detects the internal network
The icon turns blue and shows “Connected – You are on the internal corporate network”
Internet access works normally again

Observation

The problem seems to occur only when GlobalProtect fails to perform internal network detection. Machines that immediately show the blue “internal” state on GlobalProtect work without any issues. Guest Wi‑Fi and wired LAN connections do not show this behavior.

Question

Could relying on a single Domain Controller for both:

Corp Wi‑Fi authentication (RADIUS / DNS), and
GlobalProtect internal host detection

cause intermittent internal detection failures on Wi‑Fi?

Has anyone seen similar behavior, and what would be the recommended way to make internal detection more reliable in this scenario?

Thanks in advance for any insights.

Re: Global Protect Internal Detection

JayGolf — Thu, 02 Apr 2026 17:41:54 GMT

Hi @M.Marzin ,

It is possible that the issue is related to internal host detection timing. If the same server is busy and slow to respond to PTR queries. Since your DC is handling multiple roles.

I would honestly try changing your IHD entry from your DC to a more dedicated internal DNS record for GP detection. For example, you could create a record such as "gp-ihd.company.local" with a static IP and matching PTR record then use that IP and hostname in the portals IHD detection settings.