@BPry Ok, next problem. I can get connected to the Gateway and into my network with an IP from the pool range. But I can't get to the Internet while connected to the VPN. I think it's because the PANGP Virtual Adapter has an IP and DNS settings, but no default gateway listed. I can't seem to figure out where to add that???
@Shawverr, PanGP does not have or require a default gateway. Default gateways are only required for last-resort unknown networks; the system knows all routes are via the VPN, so no gateway is required.
Is your tunnel interface associated with a virtual router? Also... from VPN zone to external or untrusted zone will be classed as an intrazone and not an interzone, so you may require a security policy to allow interwebby stuff.
For diagnostics, add a deny-all policy at the end of your policies and log session start. Then enter your PanGP address in the traffic filter to see if it's not being allowed in other policies.
Just because it catches a lot of people, ensure that you actually have security policies and a NAT policy allowing the GlobalProtect traffic outbound through your untrust interface. Nine times out of ten, that's the issue when people can't browse when connected to GlobalProtect.
I figured it out. Just in case anyone else needs it, you have to set up a Custom Check in three places: the HIP object, the Portal and the Gateway.