I have a strange issue where my Global Protect SSL Client connects to the firewall with no issues. I get the IP, the routes and the DNS servers but I don't get anything listed in the DNS Suffix entry. I have configured the DNS Suffix correctly under 'Global Protect Gateway', 'Client Configuration', 'Network Settings' and can even see the DNS Suffix being received from the agent during my agent debug when trying to connect but nothing shows up in IPCONFIG.
> Run gpedit.msc
> Browse Local Computer Policy
> Computer Configuration
> Administrative Templates -> Network -> DNS Client
Enable "Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries"
Please let me know if this helps
Do you have the domain listed under the radius profile?
Device->Server Profiles-> RADIUS
Then see if the domain is listed there. This did the trick for me.
did you search Windows logs? Could it be that some other software is protecting / preventing GP Agent to set DNS suffix to the system? Is your GP Agent running as a service as well on that Windows host? What is the version of Windows you are having as hosts?
Did you had a chance to look at https://live.paloaltonetworks.com/t5/Management-Articles/DNS-Suffix-is-not-Listed-under-GlobalProtec...
If this is already verified, could you check if the issue is specific to any Client OS/ GP version?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!