Let's say we have an external facing interface Ethernet1/3 with Ip address of 220.127.116.11/28. The upstream isp router is 18.104.22.168 all other addresses (22.214.171.124-126.96.36.199) are routed to the Palo Alto and in use for various web services, etc..
Per the documentation I can find it looks like you have to set the Global Protect gateway IP address to the address you have set on the interface. Is there a way to use one of the other addresses in the range we have assigned? e.g. 188.8.131.52
Solved! Go to Solution.
You can configure that IP address as /32 i.e. 184.108.40.206/32 on that interface and then should be able to use it for GP.
You can also terminate the gateway on loopback,, configure any IP address on loopback and NAT 220.127.116.11 to that IP address.
Hope it helps !
Global Protect has to be configured on specific interface and its IP address.
Hence you can not terminate GP on Untrust interface with 18.104.22.168/32.
As above suggested only way is to create loopback interface with 22.214.171.124/32, put it in untrust interface[depends on requirement]. And terminate GP on it.
You can create a loopback IP with that address and NAT that IP address so that the request actually goes to PAN GP on the interface IP 126.96.36.199/32. You can also NAT it using a port, you may refer to this document for the steps:
thanks. dreputi that's exactly what I needed, the issue I was facing was that I already had something on 443 of the interfaces IP address. I didn't even consider nat'ing different port to a loopback deal.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!