We are a bit confused. It appears that our ip address setting under Network>GlobalProtect>Portals must be set to either an IP Range or IP/Subnet, therefore it is not necessarily a single ip address (which is what I thought it should be).
The part that is confusing us, is that the ip address/subnet setting for the portal web service is determining which users (by their ip address) can connect to the vpn web login. If the visitor's ip address does not fall into the same subnet, they are unable to launch the login website (it just times out). It seems that ALL ip addresses should be able to launch the vpn web login screen?
If my portal web service ip address is (126.96.36.199/16) BOTH 188.8.131.52 AND 184.108.40.206 can launch the vpn login website.
If my portal web service ip address is (220.127.116.11/24) 18.104.22.168 can launch the vpn login website, but, 22.214.171.124 can NOT launch the vpn login website?
I am confused as to why this TARGET portal web service ip address impacts the visitors based on their ip address?
The IP address that you select is actually based on the interface that you have selected. So its actually a single IP.
From your description that you are able to connect on the same subnet but not on a different subnet tells me that you have a routing issue.
Do you have default route or a static route with 126.96.36.199/16 on the firewall? and vice versa if the device on 188.8.131.52 has a route to reach 184.108.40.206
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!