topic Re: GlobalProtect internal gateways in General Topics

GlobalProtect internal gateways

Amory — Tue, 24 Apr 2018 18:46:15 GMT

I'm struggling with GlobalProtect and always on.I have it configuerd for Multi-gateways and that part works great. My issue is when I switch WiFi networks to internal, the globalprotect still tries to connect. I have added internal host detection and put down an IP and Hostname of a server.

If I disbale the globalprotect from systray. I'm able to ping this server. I enable Globalprotect and I'm still able to ping this server. then the always-on connects and I'm able to ping this server.

Now If I disconnect the wifi and switch to an internal wifi. I'm not able to ping this server or anything. its like Globalprotect has all my traffic trying to go through the globalprotect virtual adapter.

The moment I disable globalprotect again. I'm now able to ping this device again.

What am I missing??? why is it doing this? anyone have this same issue.

Re: GlobalProtect internal gateways

JoeAndreini — Tue, 24 Apr 2018 19:44:00 GMT

If you have "No direct access to local network" enabled in your globalprotect gateway, globalprotect will "have all your traffic try to go through the globalprotect virtual adapter" - you will be able to see this in your routing table on your workstation ("route print" in windows)

Re: GlobalProtect internal gateways

BPry — Tue, 24 Apr 2018 19:45:08 GMT

@Amory,

Do you actually have an internal gateway specified or are you simply using the Internal Host Detection? If you have an internal gateway specified are you doing FQDN or IP, and do you actually have a internal DNS object for the FQDN address if that's what you are using?

Re: GlobalProtect internal gateways

Amory — Tue, 24 Apr 2018 20:10:33 GMT

I do have an internal gateway listed. it's the same one I would get from DHCP on the internal WiFi. I have the IP listed not the FQDN.

Re: GlobalProtect internal gateways

Remo — Tue, 24 Apr 2018 21:55:45 GMT

@Amory

Does the reverse lookup work and resolves to the fqdn that you configured in the internal host detection?

How did you configure the internal gateway? Do you have there enabled tunnel mode (which shouldn't be done on the internal gateway)?

Re: GlobalProtect internal gateways

Amory — Thu, 26 Apr 2018 13:37:05 GMT

I found the solution. Under the portal and in the App settings. the option for enforce GlobalProtect Connection for Network Access was set to yes. So I guess with Always-On method that means that all network traffic will go throught GloblaProtect.

Thanks for everyone that provided input.