10-22-2014 11:10 AM
Let's say we have an external-facing interface Ethernet1/3 with an IP address of 1.1.1.14/28. The upstream ISP router is 1.1.1.1; all other addresses (1.1.1.2-1.1.1.14) are routed to the Palo Alto and in use for various web services, etc.
Per the documentation I can find, it looks like you have to set the GlobalProtect gateway IP address to the address you have set on the interface. Is there a way to use one of the other addresses in the range we have assigned, e.g. 1.1.1.10?
Model: PA-2050
PAN-OS 6.0.4
10-22-2014 11:33 AM
Hello Travisj,
You can create a loopback IP with that address and NAT that IP address so that the request actually goes to PAN GP on the interface IP 1.1.1.1/32. You can also NAT it using a port; you may refer to this document for the steps:
Can GlobalProtect Portal Page be Configured to be Accessed on any Port?
Regards,
Dileep
10-22-2014 11:12 AM
You can configure that IP address as a /32, i.e. 1.1.1.10/32, on that interface and then you should be able to use it for GP.
You can also terminate the gateway on a loopback: configure any IP address on the loopback and NAT 1.1.1.10 to that IP address.
Hope it helps !
10-22-2014 11:32 AM
Hi Travisj,
GlobalProtect has to be configured on a specific interface and its IP address.
Hence you cannot terminate GP on the Untrust interface with 1.1.1.10/32.
As suggested above, the only way is to create a loopback interface with 1.1.1.10/32, put it in untrust interface [depends on requirement], and terminate GP on it.
Regards,
Hardik Shah
10-22-2014 11:36 AM
Thanks, dreputi, that's exactly what I needed. The issue I was facing was that I already had something on 443 of the interface's IP address. I didn't even consider NAT'ing a different port to a loopback deal.