02-10-2022 11:32 PM
Hello Community,
Is there a way on the Palo Alto that we can do DHCP reservation while using the GlobalProtect client VPN?
As of now we don't have any DHCP relay on the Palo Alto. The Palo Alto is the one providing the IP address for the GlobalProtect user.
Is there any DHCP expiry on the GlobalProtect-assigned IP address?
I found some docs, but they are more about regedit and the LDAP server.
Thanks
02-12-2022 07:46 PM
You might want to reach out to your SE and have them put together a Feature Request for this capability. I don't recall the FR # at the moment, but there is already one in the system that they'll be able to add your vote to. This is a fairly common request.
If you don't want to use Framed-IP-Address to assign the IP address, then the method that @TomYoung already brought up is really the best method you have available. You could also set the PreferredIP registry key if you're using Windows, but I personally don't like this method and it doesn't guarantee the IP will always be available.
02-11-2022 09:59 PM
Hi @SamuelCardoz ,
You could try this and see if it works -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UkxCAE&lang=en_US%E2%80%A....
I am curious. Why do you want a fixed IP address for the user? If it is for security policy rules, you can use Source User instead without having to assign a fixed IP address. If it is for something else, then that may be the way to go.
Thanks,
Tom
02-12-2022 06:24 AM
Hi @TomYoung
Good day,
We want to use static IP addresses in order to connect to our system.
In order to connect the GlobalProtect users to our system, we need to add their IP addresses to the system config file along with their computer names.
Do you have any idea how we can achieve this setup? We don't want to use an LDAP server to assign an IP address or edit the registry. Is there a way that we can make changes on the firewall only?
Thanks
02-12-2022 10:47 AM - edited 02-12-2022 10:52 AM
Hi @SamuelCardoz ,
You're right. That document is way too complicated. I just tested this, and it works!
I used a contiguous range of IP addresses for simplicity only. A completely separate subnet could also be used.
Thanks,
Tom
PS The user name must match exactly to Network > GlobalProtect > Gateways > Remote Users > Primary Username.