01-25-2012 01:19 AM
I have a PA-200 which is configured with DHCP-client on the WAN interface.
When configuring Global Protect, I'm not able to configure the gateway address. When I choose the WAN interface as the gateway address interface, I'm not able to choose the IP address currently on that interface (because of the DHCP client setting, I guess). The same applies to the Global Protect Portal configuration. I cannot set the Portal Address. (see attached picture)
Is there any way around this, or is it impossible to set up a Global Protect gateway and portal on a DHCP client interface?
I have dyn-dns running. Is it possible to somehow set the portal and gateway address to a FQDN?
01-25-2012 11:43 AM
I am sorry for the inconvenience, this is actually a UI issue, bug #33914.
The workaround is that you can actually set this from CLI with the following command:
set network tunnel global-protect-gateway <name> local-address interface e1/1
Version 4.1.2 documents this issue. Please see the release notes here:
Will this be resolved in 4.1.3? I hope so, but cannot answer that until that version is released and that bug # is shown as a resolved issue.
Kind Regards
02-29-2012 12:47 PM
Hey Joe,
Is there a command line for the "GP portal" part as well? There has to be the interface and IP defined as well.
Mike
03-01-2012 02:24 AM
I think the command for setting the GP portal address to the interface address is the following:
set global-protect global-protect-portal "portal name" portal-config local-address interface ethernet1/X
03-01-2012 12:37 PM
Thanks, I will try it!
07-30-2015 12:01 PM
Hmm, interesting. I'm having the exact same problem running version 7.01, so the bugfixing seems to be a bit off for this one (3 years or so). Can you elaborate a bit on the command line stuff, as I'm not so savvy in that area?
Best regards
/Micke
08-05-2015 04:36 AM
Hi,
I have not had any problem with this in 7.0. I just choose the WAN interface, which is configured with DHCP client, as my Portal and Gateway interface. The IP address is just set to "none" in the web UI. Have you tried just doing that?
Looking at the config in the CLI, I see the same thing with the command "show global-protect global-protect-portal <Portal-name>" in configure mode. Local-address is just the interface (no IP address).
If I run "show global-protect-gateway gateway" in operation mode in the CLI, I do see the IP address I get from DHCP under local address, as expected.
- Tor
08-10-2015 09:13 PM
This is how mine is set up and it has worked fine since 5.x. Select the WAN interface and leave the address set to none.
08-13-2015 04:47 AM
Managed to solve my problem. Had nothing to do with the DHCP on the external interface :-). It turned out to be a policy problem. I had to add an ESP service to the policy for tunneling to work. For some reason the denied traffic was not logged, and the only thing I could see was the 443 session initiating the VPN and just a failure on the client. I think there is probably some stuff that should be added to the 7.0 Global Protect set-up guide, for example what policy you should set for the external - external traffic for initiation of the tunnel.
Best regards
/Micke
10-31-2015 07:33 AM
Can somebody help me with this?
I tried to configure the IP address manually from the CLI, but I got an error message:
Server error : portal-config -> local-address -> ip '<my ip address>' is not a valid reference
portal-config -> local-address -> ip is invalid