Global Protect PAN-OS 8.0 IP pools

L2 Linker

Global Protect PAN-OS 8.0 IP pools

Hi all,

What is the workaround when you want to assign the same IP pool but different access routes to groups or users on the same gateway?

So let's say that on the gateway I have 2 or more groups, like Group1 and Group2, but I have one IP pool to assign IPs from when they are connected. In Group2 I want split tunnel with specific access routes defined, whereas for Group1 I need full tunnel.

I get this: dynamic ip pool overlapping

L4 Transporter

Re: Global Protect PAN-OS 8.0 IP pools

@GeorgiosFakis I haven't tested with 8.0, but in 8.1 and later you can use the "Client IP pool" tab at agent level, which applies to all groups.

L2 Linker

Re: Global Protect PAN-OS 8.0 IP pools

Yes, that's true, in PAN-OS 8.1 you can do that, but in 8.0 you cannot. Looking for a solution on 8.0 before I go to 8.1 next year.

L6 Presenter

Re: Global Protect PAN-OS 8.0 IP pools

How about splitting the scope into 2?

Or increase the mask to /23:

default users: 192.168.0.10-192.168.0.250

split tunnel: 192.168.1.10-192.168.1.250

L2 Linker

Re: Global Protect PAN-OS 8.0 IP pools

I agree, but I have 32 groups that need split tunneling and I have 9 gateways, so it means 9x32=288 subnets.
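An added example, not part of the original thread: a Python sketch that checks a set of GlobalProtect pools for the overlap the first post ran into and carves one non-overlapping /24 per (gateway, group) pair for the 9x32 case. The gateway and group names and the 10.64.0.0/15 supernet are assumptions chosen for illustration.

```python
import ipaddress
from itertools import combinations

def parse_pool(text):
    """Parse 'first-last' (the range form used in the thread) or CIDR into (first, last) ints."""
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-"))
    else:
        net = ipaddress.IPv4Network(text.strip())
        first, last = net[0], net[-1]
    if int(first) > int(last):
        raise ValueError(f"range is reversed: {text}")
    return int(first), int(last)

def find_overlaps(pools):
    """pools: {name: range-or-CIDR}. Return sorted name pairs whose ranges intersect."""
    parsed = {name: parse_pool(text) for name, text in pools.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(parsed), 2)
        if parsed[a][0] <= parsed[b][1] and parsed[b][0] <= parsed[a][1]
    )

def carve_pools(supernet, gateways, groups, prefix=24):
    """Give every (gateway, group) pair its own /prefix block from supernet, in order."""
    subnets = ipaddress.IPv4Network(supernet).subnets(new_prefix=prefix)
    plan = {}
    for gw in gateways:
        for grp in groups:
            try:
                plan[(gw, grp)] = str(next(subnets))
            except StopIteration:
                raise ValueError(f"{supernet} has too few /{prefix} blocks") from None
    return plan

# Constructed sample data: names and supernet are assumptions, not values from the thread.
GATEWAYS = [f"gw{n}" for n in range(1, 10)]    # 9 gateways
GROUPS = [f"Group{n}" for n in range(1, 33)]   # 32 split-tunnel groups

if __name__ == "__main__":
    # The situation from the first post: two configs pointing at the same pool.
    same = {"Group1": "192.168.0.10-192.168.0.250", "Group2": "192.168.0.10-192.168.0.250"}
    print("overlaps:", find_overlaps(same))
    plan = carve_pools("10.64.0.0/15", GATEWAYS, GROUPS)
    flat = {f"{gw}/{grp}": cidr for (gw, grp), cidr in plan.items()}
    print(len(plan), "pools, overlaps:", find_overlaps(flat))
```

Running the overlap check against an exported pool list before committing catches a clash across gateways as well as within one.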

L6 Presenter

Re: Global Protect PAN-OS 8.0 IP pools

OK gotya... but...

I'm not quite sure what your end result needs to be... Does each of your 32 groups require a different split tunnel config,

or would one split tunnel suit all (or most)?

L2 Linker

Re: Global Protect PAN-OS 8.0 IP pools

Each group has a different split tunnel. I think one way is to go to version 9.

L6 Presenter

Re: Global Protect PAN-OS 8.0 IP pools

Perhaps you are correct, but it's killing me why you would need 32 different split tunnel configs?

L2 Linker

Re: Global Protect PAN-OS 8.0 IP pools

Because I have 32 sets of AD groups that have different split tunnel networks.
