To force client to switch to internal network

L4 Transporter

Hello all

We have mobile clients with GP which use corporate notebooks at home. The user logon option was configured to force the notebook to connect through GP when it connects to home Wi-Fi.

When the same worker comes back to the workplace and plugs in the Ethernet cable, they still use the same GP network.

Is there any way to force the client notebook to recognize the internal network and not use GP with the user logon option in place?

L2 Linker

Re: To force client to switch to internal network

Hello @Radmin_85

You can configure an internal gateway (without tunnel mode) and make use of 'Internal Host Detection' in the agent configuration to determine if the host is within the network or outside the network.

You can find more information in the link below.

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/globalprotect/network-gl...

L4 Transporter

Re: To force client to switch to internal network

Hello @Rajesh12

Yes, we did it, but the problem is that when PA tries to connect to that gateway (without tunnel mode) it asks for a certificate, and we use the same certificate (company certificate) which we use to connect to PA outside the network (which is OK), and it says Bad request.

So as I understand, the host could not reach the portal even to see the internal host identification, and that is why it cannot recognize the internal network.

L6 Presenter

Re: To force client to switch to internal network

Can you post a screenshot of your agent/gateways setting?

L6 Presenter

Re: To force client to switch to internal network

Sorry, just read all your post. Do you know why you're getting the cert error?

Yes, the client still connects to the portal before internal host detection.

L4 Transporter

Re: To force client to switch to internal network

@MickBall

I guess I cannot even connect to the Portal either.

Because normally when I type the internal gateway in the browser I must get to the page where I usually download the GP agent app. But I cannot even do that. It asks for a certificate, and then when I use the certificate it says bad request.

Everything is OK when I do it outside the network, but the problem is when I try to connect inside the corporate network.

L6 Presenter

Re: To force client to switch to internal network

Not sure what you mean by internal gateway! You do not need one for internal host detection.

Here is my setup.

inthost.png

L4 Transporter

Re: To force client to switch to internal network

@MickBall

You have not given the address pool?

L6 Presenter

Re: To force client to switch to internal network

You do not need one for internal host detection.

L4 Transporter

Re: To force client to switch to internal network

@MickBall

I created an extra internal gateway without tunnel mode. That is what I mean.
