GP gateways under the same ISP

L2 Linker


Hello,

I have set up the company portal and gateway with a specific IP pool, and there is one public IP on the ISP. Now they want partners to connect as well, and I was wondering if it is possible either to have another VPN IP pool and settings like DNS on the same gateway, or to make another gateway under the same IP with another port.

L4 Transporter

Re: GP gateways under the same ISP

@GeorgiosFakis: Both are possible, but I think the first one is more elegant.

So you create a second network config for the second vpn-users group and assign them their own network config (External GW > Agent > Client Settings).

Using different DNS servers per client settings is supported from PAN-OS 9.0 on. https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/globalprotect-features/dns-configur...

L2 Linker

Re: GP gateways under the same ISP

But what if I have PAN-OS version 8.1?

L4 Transporter

Re: GP gateways under the same ISP

Then you can only create agent settings regarding IP pools and routing.

If a different DNS server is mandatory for you, you need to create a second external gateway and assign it to the vpn-users group in the portal. You can use a loopback IP for the second external gateway and create a NAT policy (if untrust > untrust custom-port.... then DNAT to Loopback-IP:443).

L2 Linker

Re: GP gateways under the same ISP

I was thinking about that; a different port could work, thanks.

L4 Transporter

Re: GP gateways under the same ISP

Right, you can define a custom port like 666, which you then DNAT to the correct external-gw2.

Two external gateways on the same public IP are not possible, because the Palo couldn't tell which gw to use. There you have to use a dummy IP/loopback or a second public IP.
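
The loopback-plus-DNAT arrangement described in the replies above, sketched as PAN-OS set commands. This is an added example and not part of the original thread. All addresses, object names, the loopback unit, the virtual router name and port 8443 are constructed placeholders, and lines starting with `#` are annotations, not CLI input.

```text
# Constructed placeholders (assumptions, not values from the thread):
#   203.0.113.10  = the single public IP from the ISP
#   10.255.255.2  = dummy loopback IP for the second external gateway
#   tcp/8443      = custom port handed to the partner group
#   default       = virtual router name

# Loopback interface for the second gateway, placed in the untrust zone
set network interface loopback units loopback.2 ip 10.255.255.2/32
set network virtual-router default interface loopback.2
set zone untrust network layer3 loopback.2

# Service object for the custom port
set service svc-gp-gw2 protocol tcp port 8443

# untrust > untrust on the custom port: DNAT to Loopback-IP:443
set rulebase nat rules gp-gw2-dnat from untrust to untrust source any destination 203.0.113.10 service svc-gp-gw2 destination-translation translated-address 10.255.255.2 translated-port 443
```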
