Global Protect issue with BGP routing configuration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect issue with BGP routing configuration

L3 Networker

Hi All,

 

I have configured Global Protect and I can successfully connect. My Palo Altos are configured to peer and route via BGP which is working without issue.

 

My problem is I cannot reach anything once I am connected. I need at access two address ranges. From the CLI of the Palo I can ping the gateways of the networks I need to reach via the GlobalProtect connections. I cannot ping when connected via global protect.

 

What I have noticed is that if I look at the more runtime stats in the virtual routers I can see the client pool subnet in the route table on interface Tunnel but not in the Forwarding table.

 

Any ideas?

 

Regards

 

Adrian

1 accepted solution

Accepted Solutions

Thanks. After a weekend of looking I resolved this on the connecting router. It seems there was some diverse routing going on so the default gateway was pointing to another path. Once I removed this other path and tidied the config the expected default route displayed as expected and I had routing.

 

Nothing as good as taking over someones configuration it seems.

 

Thanks for the advice.

 

Regards

 

Adrian

View solution in original post

2 REPLIES 2

L7 Applicator

Routing is the most common issue I see for this symptom. Are you doing source-NAT for your GlobalProtect clients?

 

Recall that the gateway config on the firewall defines the source IP pools for your clients, and assigns them based on that. If you are not doing NAT, then you'll just need to ensure that the networks you're trying to reach understand that they have to send the replies back to the firewall. If there's a more general/broad route on those networks' gateways, you'll need to use a more specific route for your GP clients source pool.

Thanks. After a weekend of looking I resolved this on the connecting router. It seems there was some diverse routing going on so the default gateway was pointing to another path. Once I removed this other path and tidied the config the expected default route displayed as expected and I had routing.

 

Nothing as good as taking over someones configuration it seems.

 

Thanks for the advice.

 

Regards

 

Adrian

  • 1 accepted solution
  • 3219 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!