In this week's "Discussion of the Week," I will be covering a question that I see pop up in the LIVEcommunity all the time, and that is how to configure GlobalProtect with Static IP addresses.
I apologize if it's a little confusing to cover a topic that hasn't been seen this week, but this is one that I see come up all the time, and I want to take some time to address it and provide resources to help community members get this working properly.
So, this has been an ongoing topic for years.
I'll give you a couple of examples of people asking about it on the discussion areas:
Now, there are a couple of ways to accomplish this, and I will try to provide links to the documentation to lead you in the right direction.
The big challenge with Static IP addresses and GlobalProtect is ensuring that you get the same IP (Static IP) every time that you connect. Up until recently, a real dedicated IP address was not supported, but an IP Pool was.
In the following KB article, you can find a workaround that sets up the IP Pool range:
This article details exactly what is needed (including Active Directory (LDAP)) and how to configure both sides to accomplish this.
Of course, another way to accomplish this would be to use User-ID in your firewall configuration. With User-ID, it doesn't matter what IP address the client has or where they are coming from. As long as you can discover who that user is, there's really no need for a static IP address.
For more information about User-ID and how to configure it, please see the following articles that we have: