We are having a strange GP issue. We have two users in the same AD group and same configuration.
userA: when this user connects to GP, everything is working fine, all the GP access routes are in his route table.
userB: when this user connects to GP, not all the access routes are being imported in his routing table.
We have tried both users in the same clint machine and UserB is having the same behaviour. So What can make the userB not take all the routes in his route table?
The fact that userB has the same issue on userA's machine rules out any problem with the GlobalProtect App for me.
How is your GP gateway client configs set up? Do you have multiple configured; are you matching on an AD group?
For example do you have configs:
ip range 10.10.10.50-100
ip range 10.10.10.150-200
And you mean to say the user is hitting config 2 instead of config 1? Or are they hitting the correct config but just not getting all routes? Easiest way to determine that would be to look at the IP range the GP interface gets assigned using ipconfig.
If the client is hitting the wrong config, if you are doing matches based on AD group, check to see if the firewall sees the user as part of that group "show user user-ids match-user". Otherwise perhaps the ordering of the configs? These can be moved around and will match from the top downwards.
If the client is hitting the right config, my next suggestion would be to generate GP logs and take a look through those, and perhaps give the GP client a reinstall just to be sure.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!