How to Set a Preferred IP Address for GlobalProtect VPN Users

Printer Friendly Page

Issue

In some situations, remote VPN users connect to their corporate headquarters to access the Enterprise Resource Planning (ERP) database server. The ERP server needs to know the IP address of the users for configuring the file host in the server, this allows the users to synchronize the database with ERP servers and vice versa. Commonly, when a user connects to a corporate network through GlobalProtect, a random IP address will be assigned to them from the IP Pool configured under Gateway > Client Configuration > Network Settings.

 

As shown in the example, users can randomly be assigned to IP addresses from 10.66.100.1-10.66.100.254.

 

Resolution

For remote users to synchronize to their corporate ERP server, preferred IP addresses can be pre-populated on user machines by changing the registry key under: HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanGPS\PreferredIP

  1. Enter the Registry Editor through Run:


  2. Under Palo Alto Networks > GlobalProtect > PanGPS > double click on PreferredIP and change it to the desired IP and click OK:

 

Note: Reboot the device in order to apply changes.

 

For more information on the ERP server, reference the following link: http://www.ehow.com/facts_6904009_erp-server_.html

 

owner: kadak

Tags (5)
Comments

1. What if the preferred IP pre-populated in the registry already assign to another user?

2. This resolution assign preferred IP to machines, NOT to users. Once a user connects from another machine, he will NOT get the preferred IP.