Anyone ever use “internal host detection” on GP?

L3 Networker



Anyone ever use “internal host detection” on GP? For some reason it does not try to do the test. I checked the GP services log and did not find an entry there. I am trying to force "enforce GlobalProtect for Network Access" when users are connected to the internet.




L7 Applicator

Works OK for me.

Globe displays little house, more like a dog's kennel, when connected to LAN.

Not using enforce option, just always on.

I did have to allow GlobalProtect connection from LAN to WAN for users to get GP config for the first connection attempt.





On the Always on option did you get a one time password to work with LDAP? I am not sure how to get OTP working as Windows logon screen only allows user name and password and with SSO enabled it will only carry username and password.


I am confused by your reply... never seen OTP with LDAP...

Could you explain in more detail your authentication process?



What I want is Global Protect to be set to User-Logon. Client logs on to Windows 7, SSO takes creds and supplies it to Portal. Then for Gateway it prompts user for RADIUS RSA OTP. I can get this to work without SSO, but I want to use User-Logon SSO. I want it so it prompts user for PIN when they log in to the PC. If it's added to the main Windows logon page then there can be an issue when they are on the local network and GP is not needed.




Still not quite sure what you are trying to achieve.


You cannot mix SSO with OTP. SSO will only use Windows credentials.

Our users do enter a PIN before logon to Windows but this is via BitLocker disk encryption.

GlobalProtect cannot modify the Windows logon process.


OK thanks, you have answered my question: cannot have a mix of both SSO and OTP. Have you gotten "enforce GlobalProtect for Network Access disable when on internal network" and "Internal Host Detection" to work on user-connect method? It is not working for me. When I check the GPS*log it does not show it trying to do the DNS resolution on the internal name I provided.



I have a client that wants to use OTP and always on but I am guessing this is not possible.

Are you saying that the GP client just connects as normal or does it not connect at all?


I only ask this because the GP client needs to make connection when first installed to obtain the settings for internal host detection.

OTP and always on... I don't see why not. But make sure for OTP that you configure authentication override in both portal and gateway config or the gateway will try to use the same OTP and fail.


You may be better off by adding this as a new post.
