GlobalProtect internal gateways


L1 Bithead

I'm struggling with GlobalProtect and always-on. I have it configured for multi-gateways and that part works great. My issue is when I switch WiFi networks to internal, GlobalProtect still tries to connect. I have added internal host detection and put down an IP and hostname of a server.

If I disable GlobalProtect from the systray, I'm able to ping this server. I enable GlobalProtect and I'm still able to ping this server. Then the always-on connects and I'm able to ping this server.

Now if I disconnect the WiFi and switch to an internal WiFi, I'm not able to ping this server or anything. It's like GlobalProtect has all my traffic trying to go through the GlobalProtect virtual adapter.

The moment I disable GlobalProtect again, I'm now able to ping this device again.

What am I missing? Why is it doing this? Anyone have this same issue?

5 REPLIES

L4 Transporter

If you have "No direct access to local network" enabled in your GlobalProtect gateway, GlobalProtect will "have all your traffic try to go through the GlobalProtect virtual adapter". You will be able to see this in the routing table on your workstation ("route print" in Windows).

Cyber Elite

@Amory,

Do you actually have an internal gateway specified, or are you simply using the Internal Host Detection? If you have an internal gateway specified, are you doing FQDN or IP, and do you actually have an internal DNS object for the FQDN address if that's what you are using?

I do have an internal gateway listed. It's the same one I would get from DHCP on the internal WiFi. I have the IP listed, not the FQDN.

@Amory

Does the reverse lookup work and resolve to the FQDN that you configured in the internal host detection?

How did you configure the internal gateway? Do you have tunnel mode enabled there (which shouldn't be done on the internal gateway)?

I found the solution. Under the portal and in the App settings, the option for Enforce GlobalProtect Connection for Network Access was set to Yes. So I guess with the Always-On method that means that all network traffic will go through GlobalProtect.

Thanks to everyone that provided input.

 

 
