I'm trying to setup globalprotect where once a user successfully logs in, they pull an IP from our dedicated, internal DHCP server with all the DHCP options. So essentially, setup Palo Alto for a DHCP relay for the GlobalProtect clients. I was trying to do this, but the Tunnel Interface I'm using for the GlobalProtect network doesn't have an IP and doesn't show up when trying to configure a DHCP relay. Is there anyway to do this? Thank you.
@reaper So you are saying that DHCP relay, to give a DCHP address to GlobalProtect clients, with the PA forwarding DHCP requests, is not possible at this time?
If that's the case, is there anyway to provide proxy information for clients who do connect? That's my main reason in trying to create a relay for GlobalProtect clients. We have DHCP option 252 in our scope and have that pushing to clients with AnyConnect and was hoping to do the same with GlobalProtect. Is there anyway to push a configs or dynamically assign proxy settings to GlobalProtect clients?
Thanks everyone for the help.
currently the dhcp for GP is not that advanced (make sure to vot e on that feature request)
you can have a wpad entry on your DNS that could help distribute the proxy settings, instead of dhcp option 252
Ehm, as far as I know that's not possible at this time. If you have a RADIUS that supports framed-ip, you can pull an IP that way, but it will probably not include all the options you'd like:
There are currently 2 outstanding feature requests: FR 2924 and FR 4703 (so please reach out to your sales team and have them add your vote, i already added mine)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!