Global Protect - ip address for portal web service restricts visitors by their ip address - WHY?

cancel
Showing results for 
Search instead for 
Did you mean: 

Global Protect - ip address for portal web service restricts visitors by their ip address - WHY?

Not applicable

Hello,

We are a bit confused. It appears that our ip address setting under Network>GlobalProtect>Portals must be set to either an IP Range or IP/Subnet, therefore it is not necessarily a single ip address (which is what I thought it should be).

The part that is confusing us, is that the ip address/subnet setting for the portal web service is determining which users (by their ip address) can connect to the vpn web login.  If the visitor's ip address does not fall into the same subnet, they are unable to launch the login website (it just times out).  It seems that ALL ip addresses should be able to launch the vpn web login screen?

example:

If my portal web service ip address is (36.8.2.3/16) BOTH 36.8.5.12 AND 36.8.5.23 can launch the vpn login website.

If my portal web service ip address is (36.8.2.3/24) 36.8.12.23 can launch the vpn login website, but, 36.12.2.3 can NOT launch the vpn login website?

I am confused as to why this TARGET portal web service ip address impacts the visitors based on their ip address?

thanks.

1 REPLY 1

L2 Linker

The IP address that you select is actually based on the interface that you have selected. So its actually a single IP.

From your description that you are able to connect on the same subnet but not on a different subnet tells me that you have a routing issue.

Do you have default route or a static route with 36.12.0.0/16 on the firewall? and vice versa if the device on 36.12.2.3 has a route to reach 36.8.2.3

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!