https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1893#M1415 <HTML><HEAD></HEAD><BODY><P>I have the external gateway running now - so the external gateway should have the detect internal or both?</P><P></P><P>thanks</P></BODY></HTML> Thu, 21 Mar 2013 20:41:00 GMT felixn 2013-03-21T20:41:00Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1888#M1410 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>Can anyone give me some feedback on how to configure my globalprotect client to register/connect when on internal LAN? - so I can help my pan-user agent tag what users are connected</P><P></P><P>Thanks</P></BODY></HTML> Thu, 21 Mar 2013 08:00:30 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1888#M1410 felixn 2013-03-21T08:00:30Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1889#M1411 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>i think it is the same as an external gateway/portal.</P><P>Create a portal and gateway with the authentication you want (uncheck internal host detection), also add a new tunnel interface for the internal gateway. Should work.</P></BODY></HTML> Thu, 21 Mar 2013 14:14:57 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1889#M1411 Hithead 2013-03-21T14:14:57Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1890#M1412 <HTML><HEAD></HEAD><BODY><P>This document will help you with the configuration:</P><P></P><P><A __default_attr="3930" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A></P></BODY></HTML> Thu, 21 Mar 2013 16:35:30 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1890#M1412 zarina 2013-03-21T16:35:30Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1891#M1413 <HTML><HEAD></HEAD><BODY><P>Thanks guys - will check it out. This will also work with the external gateway right? - I am just not sure how it will "know" or is it because the check internal option is on the external?</P></BODY></HTML> Thu, 21 Mar 2013 16:43:13 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1891#M1413 felixn 2013-03-21T16:43:13Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1892#M1414 <HTML><HEAD></HEAD><BODY><P>The document only talks about the internal gateway. If you would like to configure both internal and external gateways, make sure to enable internal host detection so that users can connect when they are on LAN</P></BODY></HTML> Thu, 21 Mar 2013 20:34:59 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1892#M1414 zarina 2013-03-21T20:34:59Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1893#M1415 <HTML><HEAD></HEAD><BODY><P>I have the external gateway running now - so the external gateway should have the detect internal or both?</P><P></P><P>thanks</P></BODY></HTML> Thu, 21 Mar 2013 20:41:00 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1893#M1415 felixn 2013-03-21T20:41:00Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1894#M1416 <HTML><HEAD></HEAD><BODY><P>GP will try to connect to the internal gtwy first and then if it does not it tries connecting to the external gateway.</P><P>Refer page 31 of the following doc:-<A __default_attr="2020" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A></P></BODY></HTML> Fri, 22 Mar 2013 00:57:50 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1894#M1416 sraghunandan 2013-03-22T00:57:50Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1895#M1417 <HTML><HEAD></HEAD><BODY><P>I can't get it to work.</P><P></P><P>I have one portal with external and internal gateway and ssl authentication, I created one internal-gateway with no client-configuration. Here is some of the log files:</P><P></P><P></P><P>(T7636) 03/25/13 15:54:39:956 Debug(4707): connect ssl.</P><P>(T7636) 03/25/13 15:54:39:956 Debug( 168): nRequestTimeout is 10000</P><P>(T7636) 03/25/13 15:54:39:956 Debug(&nbsp; 41): WSAGetLastError() returns 10035</P><P>(T7636) 03/25/13 15:54:39:988 Debug(4744): Internal gateway 10.119.20.1 is authenticated.</P><P>(T7636) 03/25/13 15:54:39:988 Debug(4751): disconnect ssl.</P><P>(T7636) 03/25/13 15:54:39:989 Info (11170): Gateway: 10.119.20.1, client IP: 10.119.20.106</P><P>(T7636) 03/25/13 15:54:39:989 Debug(5888): CPanMSService::RetrieveGatewayInfo, cert is 0000000000000000</P><P>(T7636) 03/25/13 15:54:39:989 Debug(5890): Pre-login gateway...</P><P>(T7636) 03/25/13 15:54:39:989 Debug( 849): Need to check gateway cert for 10.119.20.1</P><P>(T7636) 03/25/13 15:54:39:989 Info (14285): IPADDR=10.119.20.1,PORT=443,URL=/ssl-vpn/prelogin.esp,POST=1,POSTDATA="tmp=tmp&amp;clientVer=4100",PROXY_AUTO=0,PROXY_CFGURL=NULL,PROXY=NULL,PROXY_BYPASS=NULL,PROXY_USER=NULL,PROXY_PASS=****,VERIFY_CERT=0,ADDITIONAL_CHECK=1</P><P>(T7636) 03/25/13 15:54:44:940 Debug(1698): Send response to client for request https_request</P><P>(T7636) 03/25/13 15:54:44:977 Debug(14340): winhttpObj, cert error, 16.</P><P>(T7636) 03/25/13 15:54:44:977 Info (14427): HTTP_RPC, result is (NULL), len=0</P><P>(T7636) 03/25/13 15:54:44:977 Debug(6018): Failed to pre-login to the gateway 10.119.20.1</P><P>(T7636) 03/25/13 15:54:44:977 Error(4782): Failed to retrieve info from gateway 10.119.20.1.</P><P>(T7636) 03/25/13 15:54:44:977 Debug(4790): close http session.</P><P>(T7636) 03/25/13 15:54:44:977 Debug(4798): returns false.</P><P>(T7636) 03/25/13 15:54:44:977 Error(8891): NetworkDiscoverThread: failed to discover internal network.</P><P>(T7636) 03/25/13 15:54:44:977 Debug(8952): NetworkDiscoverThread: m_nPortalStatus is 1, m_bHasLoggedOnGateway is 0</P></BODY></HTML> Mon, 25 Mar 2013 15:11:27 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1895#M1417 felixn 2013-03-25T15:11:27Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1896#M1418 <HTML><HEAD></HEAD><BODY><P>at some point I got it working, but I had to add the external DNS name with the internal gw in my hosts file - related to some certificate stuff maybe?</P><P></P><P>Any clues?</P></BODY></HTML> Mon, 25 Mar 2013 15:27:02 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1896#M1418 felixn 2013-03-25T15:27:02Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1897#M1419 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P></P><P>did you tried to enter the internal IP to the DNS server? CN certificate = DNS name = IP&nbsp; address.</P><P></P><P> - Your comman name (also alternative subject name) in your VPN server certificate will be verfied when you dial in with the DNS Name of the gateway. -</P></BODY></HTML> Tue, 26 Mar 2013 09:26:23 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-internal/m-p/1897#M1419 Hithead 2013-03-26T09:26:23Z