- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Global protect DNS name resolution.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Global protect DNS name resolution.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-23-2014 04:52 AM
Hello Experts,
Through global protect, users are getting IP address from the pool and take network setting as defined including primary DNS and Secondary DNS.
but the users want to access servers via name(s) not IP addess(es). Since it was working before with cisco remote vpn.
Please let me know is there any setting in global protect gateway to make it functional?
Thank you.
Regards,
Parvez
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-23-2014 05:27 AM
Hello Parvez
In my opinion it isn't GP issue. Please use in GP configuration your local DNS servers, servers that are able to resolve name of servers that are want to use by your users.
Maybe you miss security policy that allow DNS traffic from zone VPN to zone where are Your DNS sererwers?
Regards
Slawek
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-23-2014 05:50 AM
Hello Slawek,
GP tunnel interface is the part of inside zone and DNS servers resides in the same zone.
Regards,
Parvez
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-23-2014 06:22 AM
Could You ping by IP address this servers?
What about nslookup - is it possible to get response about google.com?
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-23-2014 06:55 AM
Firewall Policy? is DNS allowed from the tunnel zone to the destination zone ?
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-23-2014 08:04 AM
yes you need to autorize via security policy dns app or via service base on tcp and udp 53 port
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-23-2014 11:54 PM
since tunnel interface is the part of inside zone - from inside to outside permit all for this VPN subnet.
Moreover, after connecting GP, we tried nslookup of some servers it is resolving the correct IP address.
I tried to access(through RDP) servers via its name it is not working but via IP address - It is working.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-24-2014 12:08 AM
I'm 99,99% sure, if everything is allowed from VPN to the LAN and nslookup works, it shouldn't be a firewall issue!
It can be the HOST.txt file, Windows/3rdParty Client Firewall, DNS Server, NIC driver/setting or the Remote Server itself...
You have to google that. Sorry, because I don't know your infrastructure.
BTW: Do you see something in the traffic logs?
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-24-2014 03:15 AM
I tried to access(through RDP) servers via its name it is not working but via IP address - It is working
and when you try a nslookup with this server name, what is the result?
if it's work it's not a firewall issue. but RDP service on this server
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-24-2014 06:47 PM
This is actually a well known problem for Windows as well as Mac OSX. It has to do with the DNS server binding order.
Written for XP but applies to 7 as well:
Cannot Change the Binding Order for Remote Access Connections
Google search that shows how wide spread this issue is and some resolutions for it.
- Global Protect saml autentication and azure ad configuration? in Cortex XDR Discussions
- Global protect certificate expiry in General Topics
- Global Protect (SSL VPN) OTP with e-mail in GlobalProtect Discussions
- Global Protect saml autentication and azure ad configuration in GlobalProtect Discussions
- Global Protect portal page error in GlobalProtect Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
