https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/318014#M81707 <P>I was able to resolve this by excluding the GP portal from the PBF rule and then create a static route on the VR</P> Mon, 23 Mar 2020 17:16:25 GMT ce1028 2020-03-23T17:16:25Z https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/314835#M81171 <P>Hi All,</P><P>&nbsp;</P><P>I was working with a site that has a PA firewall with a GP Portal and Gateway.&nbsp; Some time ago, I had an issue where my users couldn't upgrade their globalprotect version while in the office. I was able to resolve this issue by creating a No NAT rule where if the source was internal and the destination was the IP of the portal.&nbsp; That works as expected.</P><P>&nbsp;</P><P>I'm now working with another site that has a GP Portal/Gateway on the firewall, I created the same No Nat rule, but these users are still not able to upgrade internally, they are not prompted.&nbsp; They are not even able to hit the web portal.&nbsp; The difference in this site is they are using a dual ISP setup.&nbsp; This is setup using PBF.&nbsp; e1/1 is the primary ISP, so there is the typical PBF rule for external traffic to forward out e1/1. &nbsp; I'm not sure if the issue is related to PBF.&nbsp; Has anyone come across this issue?</P> Fri, 06 Mar 2020 01:25:26 GMT https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/314835#M81171 ce1028 2020-03-06T01:25:26Z https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/314872#M81177 <P>Hi,</P><P>&nbsp;</P><P>please make sure, that the users have a exception in the pbf rule, so they will led to the public interface with the gp portal.</P><P>Otherwise they will be forced to the wrong public interface.</P><P>&nbsp;</P><P>Regards</P><P>Chacko</P> Fri, 06 Mar 2020 09:28:49 GMT https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/314872#M81177 Chacko42 2020-03-06T09:28:49Z https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/314962#M81183 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/79934">@Chacko42</a>&nbsp;</P><P>&nbsp;</P><P>Not sure I'm clear what you mean?&nbsp; The GP Portal is the IP of the e1/1 interface.&nbsp; The PBF rule states if you from source internal to external, forward to e1/1</P><P>&nbsp;</P><P>I tried creating a no PBF rule for the specific GP IP, but then that made things worse</P> Fri, 06 Mar 2020 18:23:27 GMT https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/314962#M81183 ce1028 2020-03-06T18:23:27Z https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/315010#M81188 <P>Is there a security policy allowing ssl and panos-global-protect from your inside zone to the zone/address of the portal?</P> Fri, 06 Mar 2020 21:39:46 GMT https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/315010#M81188 OwenFuller 2020-03-06T21:39:46Z https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/318014#M81707 <P>I was able to resolve this by excluding the GP portal from the PBF rule and then create a static route on the VR</P> Mon, 23 Mar 2020 17:16:25 GMT https://live.paloaltonetworks.com/t5/general-topics/unable-to-reach-gp-portal-while-on-internal-network/m-p/318014#M81707 ce1028 2020-03-23T17:16:25Z