https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36386#M26752 <HTML><HEAD></HEAD><BODY><P>Hi Mark96,</P><P></P><P>Is "Internal Host Detection" checked in setup. Refer following snapshot for it. If its checked than uncheck it, it should not connect.</P><P><IMG alt="Internal_Host_Detection.JPG.jpg" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/16679_Internal_Host_Detection.JPG.jpg" style="height: 365px; width: 620px;" /></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Thu, 30 Oct 2014 22:28:22 GMT hshah 2014-10-30T22:28:22Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36384#M26750 <HTML><HEAD></HEAD><BODY><P>I have deployed Global Protect with Single Sign on and have internal host detection.&nbsp;&nbsp; I have everything working and connecting fine, I have one portal and 3 gateways. </P><P></P><P>What I have seen is that some internal clients are connecting to an internal gateway, either by choosing to, or by accident.&nbsp; I have not setup an internal gateway and now I am thinking I should.&nbsp;&nbsp; Any guides or suggestions?</P></BODY></HTML> Thu, 30 Oct 2014 21:00:30 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36384#M26750 markk96 2014-10-30T21:00:30Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36385#M26751 <HTML><HEAD></HEAD><BODY><P>Few related DOC for your reference:</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-2020">GlobalProtect</A></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-4923">Global_Protect_PAN_OS5.pdf</A></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-3930">How to Configure Internal GlobalProtect Only</A></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-5847">How Often does GlobalProtect Client Try to Connect to the Gateway for Internal-Only GlobalProtect?</A></P><P></P><P>Thanks</P></BODY></HTML> Thu, 30 Oct 2014 21:32:56 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36385#M26751 HULK 2014-10-30T21:32:56Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36386#M26752 <HTML><HEAD></HEAD><BODY><P>Hi Mark96,</P><P></P><P>Is "Internal Host Detection" checked in setup. Refer following snapshot for it. If its checked than uncheck it, it should not connect.</P><P><IMG alt="Internal_Host_Detection.JPG.jpg" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/16679_Internal_Host_Detection.JPG.jpg" style="height: 365px; width: 620px;" /></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Thu, 30 Oct 2014 22:28:22 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36386#M26752 hshah 2014-10-30T22:28:22Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36387#M26753 <HTML><HEAD></HEAD><BODY><P>Yes it is checked and when the laptop docs the icon shows it is internal, but a user can right click and manual connect to a gateway and it will connect.&nbsp;&nbsp;&nbsp; Sorry I stated the issue wrong, an internal client and connect to an external gateway.&nbsp;&nbsp; I need to prevent that from happening. </P></BODY></HTML> Thu, 30 Oct 2014 23:00:17 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36387#M26753 markk96 2014-10-30T23:00:17Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36388#M26754 <HTML><HEAD></HEAD><BODY><P>Hi Mark,</P><P></P><P>Following solution will work in GPC 2.1. User can not modify any IP in portal config.</P><P></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #e3f3ff;">1. open regedit.exe </SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #e3f3ff;">2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\ </SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #e3f3ff;">3. Right Click &gt; New &gt; String Value &gt; can-change-portal &gt; Value "No" </SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #e3f3ff;"><BR /></SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #e3f3ff;">Or you can try disabling "Advance view".</SPAN></P><P></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #e3f3ff;"><IMG alt="advance.PNG" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/16680_advance.PNG" style="height: 462px; width: 620px;" /></SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #e3f3ff;"><BR /></SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #e3f3ff;">Regards,</SPAN></P><P><SPAN style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; background-color: #e3f3ff;">Hardik Shah<BR /></SPAN></P></BODY></HTML> Thu, 30 Oct 2014 23:17:39 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-best-practices/m-p/36388#M26754 hshah 2014-10-30T23:17:39Z