10-14-2015 06:20 AM
Hi all,
As you may know: When a client is connected on GlobalProtect, they are assigned a dynamic IPv4 Address, not static.
In my situation, I have about 100 GlobalProtect clients. When the client connects for the first time, they are required to join my domain (i.e. www.contoso.com). My Domain Controller is behind my PA firewall. The Domain Controller is also my LDAP server that is used for authenticating the GlobalProtect clients.
The purpose for connecting to the domain controller is so we can remotely administer the devices connected on GlobalProtect using their fully qualified domain name (i.e. computer1.contoso.com) instead of having to look up their dynamic address from the firewall.
Problem: Since the devices are assigned dynamic addresses, the IPv4 addresses are changing all the time. Therefore, the DNS server (Domain Controller/LDAP server) has associated the correct domain name with an incorrect IPv4 address.
I am assuming there is a way to update the records on the domain controller to pull the correct dynamic addresses from the clients, just do not know if anyone has tried it.
Thanks.
10-14-2015 06:36 AM - edited 10-14-2015 06:37 AM
Hi,
With v7 you can have GP assign static IPs.
Do you mean that after users connect to GP they have to join workstation computers to the domain?
Domain-joined computers should update their DNS records correctly themselves, so it should not be an issue after the workstation is already domain joined.
The DNS server can be configured to trust DNS record updates from non-domain-joined computers as well, but if you configure this then anyone can spoof your DNS records, and that is not a good idea 🙂
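The dynamic-update setting the reply above warns about can be audited per zone. This is an added example, not part of either post; it assumes a Windows DNS server with the DnsServer PowerShell module and an account allowed to read zone configuration, and the function name `Get-DynamicUpdateAudit` is hypothetical.

```powershell
# Added example: report which primary zones accept unauthenticated dynamic updates.
# Assumption: run on (or against) a Windows DNS server with the DnsServer module.
Import-Module DnsServer

function Get-DynamicUpdateAudit {
    param([string]$ComputerName = $env:COMPUTERNAME)

    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            $zone = $_
            # DynamicUpdate is one of: None, Secure, NonsecureAndSecure
            $finding = switch ($zone.DynamicUpdate) {
                'NonsecureAndSecure' { 'RISK: any host can create or overwrite records' }
                'Secure'             { 'OK: only authenticated domain members can update' }
                'None'               { 'INFO: dynamic updates disabled' }
                default              { 'UNKNOWN setting' }
            }
            [pscustomobject]@{
                ZoneName       = $zone.ZoneName
                IsDsIntegrated = $zone.IsDsIntegrated
                IsReverse      = $zone.IsReverseLookupZone
                DynamicUpdate  = $zone.DynamicUpdate
                Finding        = $finding
            }
        }
}

$report = Get-DynamicUpdateAudit
$report | Sort-Object Finding -Descending | Format-Table -AutoSize

# Secure-only updates require an Active Directory-integrated zone, so only those
# zones are candidates. -WhatIf shows the change without applying it.
$report |
    Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' -and $_.IsDsIntegrated } |
    ForEach-Object {
        Set-DnsServerPrimaryZone -Name $_.ZoneName -DynamicUpdate Secure -WhatIf
    }
```

Remove `-WhatIf` only after confirming that every client that must register records is domain joined, since non-joined hosts stop being able to update once the zone is set to `Secure`.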