- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-24-2018 11:46 AM
I'm struggling with GlobalProtect and always on.I have it configuerd for Multi-gateways and that part works great. My issue is when I switch WiFi networks to internal, the globalprotect still tries to connect. I have added internal host detection and put down an IP and Hostname of a server.
If I disbale the globalprotect from systray. I'm able to ping this server. I enable Globalprotect and I'm still able to ping this server. then the always-on connects and I'm able to ping this server.
Now If I disconnect the wifi and switch to an internal wifi. I'm not able to ping this server or anything. its like Globalprotect has all my traffic trying to go through the globalprotect virtual adapter.
The moment I disable globalprotect again. I'm now able to ping this device again.
What am I missing??? why is it doing this? anyone have this same issue.
04-24-2018 12:44 PM
If you have "No direct access to local network" enabled in your globalprotect gateway, globalprotect will "have all your traffic try to go through the globalprotect virtual adapter" - you will be able to see this in your routing table on your workstation ("route print" in windows)
04-24-2018 12:45 PM
Do you actually have an internal gateway specified or are you simply using the Internal Host Detection? If you have an internal gateway specified are you doing FQDN or IP, and do you actually have a internal DNS object for the FQDN address if that's what you are using?
04-24-2018 01:10 PM
I do have an internal gateway listed. it's the same one I would get from DHCP on the internal WiFi. I have the IP listed not the FQDN.
04-24-2018 02:55 PM
Does the reverse lookup work and resolves to the fqdn that you configured in the internal host detection?
How did you configure the internal gateway? Do you have there enabled tunnel mode (which shouldn't be done on the internal gateway)?
04-26-2018 06:37 AM
I found the solution. Under the portal and in the App settings. the option for enforce GlobalProtect Connection for Network Access was set to yes. So I guess with Always-On method that means that all network traffic will go throught GloblaProtect.
Thanks for everyone that provided input.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!