Global Protect PAN-OS 8.0 IP pools


L3 Networker

Hi all,

What is the workaround when you want to assign the same IP pool but different access routes to groups or users on the same gateway?

So let's say that on the gateway I have 2 or more groups, like Group1 and Group2, but I have one IP pool to assign IPs from when they are connected. In Group2 I want split tunnel and to define specific access routes, whereas for Group1 I need to have full tunnel?

I get this: dynamic ip pool overlapping

8 REPLIES

L4 Transporter

@GeorgiosFakis I haven't tested with 8.0, but in 8.1 and later you can use the "Client IP pool" tab at agent level, which applies to all groups.

Yes, that's true, in PAN-OS 8.1 you can do that, but in 8.0 you cannot. Looking for a solution on 8.0 before I go to 8.1 next year.

How about splitting the scope into 2?

Or increase the mask to /23:

default users: 192.168.0.10-192.168.0.250

split tunnel: 192.168.1.10-192.168.1.250

I agree, but I have 32 groups that need split tunneling and I have 9 gateways, so it means 9x32=288 subnets.

OK, gotcha... but...

I'm not quite sure what your end result needs to be... Does each of your 32 groups require a different split tunnel config, or would one split tunnel suit all (or most)?

Each group has a different split tunnel. I think one way is to go to version 9.

Perhaps you are correct, but it's killing me why you would need 32 different split tunnel configs?

Because I have 32 sets of AD groups that have different split tunnel networks.
