GP prompts for internal gw connectivity

L3 Networker


Hi all,

I've deployed a GlobalProtect installation solely for the purpose of User-ID. The GP agent connects to the internal portal/GW (one box) upon login with Kerberos SSO. However, when the internal gateway is not reachable (user has no network, user isn't on-prem), the GlobalProtect Agent notifies the user about this (no network / can't reach GW). Does anyone know how I can suppress this warning?

L7 Applicator

Re: GP prompts for internal gw connectivity

Hmm.... I don't use internal gateways, but don't you need internal host detection to prevent this from happening?

Or have you already set this...

L3 Networker

Re: GP prompts for internal gw connectivity

Internal host detection IPv4 is set to an internal on-prem IP and the hostname for it does not publicly resolve, plus internal gateways are configured.

L7 Applicator

Re: GP prompts for internal gw connectivity

Have you tried making the portal external, the gateway internal with host detection, and allowing access to the portal from the internal network?

L3 Networker

Re: GP prompts for internal gw connectivity

No, if possible we highly prefer not to have the portal externally available.

L7 Applicator

Re: GP prompts for internal gw connectivity

Sure, I understand, but how is the client going to know about the internal host detection if they can't get to the portal?

Portal info is cached, but it does not include internal host detection. I know this much because we use it to prevent users connecting to gateways when on the LAN, but if the portal cannot be contacted, the internal host detection does not kick in and the user attempts to connect to a cached portal.

So... I don't think you have much choice here...

L3 Networker

Re: GP prompts for internal gw connectivity

I actually don't mind if it can't get to the portal, I just don't want users to see the message - so it's more, can I suppress the message on the client itself or not?

L7 Applicator

Re: GP prompts for internal gw connectivity

Yep, got it... it does say that in the first post.

I am not aware of message suppression.

L3 Networker

Re: GP prompts for internal gw connectivity

I'm not quite sure on this, as I have not tried doing solely an internal gateway.  However, why not try configuring the gateway as an internal gateway, and use the internal host detection, and list no external gateways?

L3 Networker

Re: GP prompts for internal gw connectivity

That is pretty much exactly the configuration at the moment.
