Question about Global Protect and ip pools


L4 Transporter

Hi

 

Can anyone explain the difference between the IP pools?

a) Global protect / gateways  ... external gateway / agent / Client ip pool

vs

b) Global protect / gateways  ... external gateway / agent / client setting / ip pool

 

so for

a) I can't reference an object .. that's annoying

b) I get the pool is just for that setup, I do like having 1 pool of the gateway.

 

Currently I have an object defined which is a range which is attached to b), but I am thinking of moving to a) so that I can have different configs but just 1 IP pool.

 

What's the use case for these different setups?

Accepted Solutions

Hi @Alex_Samad 

 

There are two options so that you can either specify a general IP pool for the GP gateway or specific IP pools for example for different OS, user(groups) and/or source IPs/regions.

As long as a general IP pool is configured the IP pool option in the client setting is greyed out.

@Mick_Ball what version are you running? According to the documentation it is already possible as described by @Alex_Samad since PAN-OS 8.0. Right now I had only a PAN-OS 9.0 firewall in my homelab.


8 Replies

L7 Applicator

@Alex_Samad, Hi.

 

I can reference a) Global protect / gateways  ... external gateway / agent / Client ip pool

 

/Network/GlobalProtect/Gateways/Agent/Client settings/Configs/IP pools

 

But I cannot find b) Global protect / gateways  ... external gateway / agent / client setting / ip pool

 

 

 

 

Click Network on the top tab

GlobalProtect

  Gateways

<select an external gateway>

Select Agent on the left

Across the top you should have

Client IP Pool  <<< This is A

Client setting

Select Client setting

You have a table of configs

<select a config>

Across the top is IP pools << This is B

 

 

 

@Alex_Samad, I can't find "A"

What version are you running?

 

client-ip.png

 

 


Hi

 

@Mick_Ball sorry I didn't originally see the SS, wasn't using the web interface.

I'm on 8.1.5

@Remo so which is the preferred?

 

I do like at the gateway level not the config level

 


@Alex_Samad wrote:

@Remo so which is the preferred?


I don't know. I personally prefer the general IP pool as I have multiple gateways for different use cases - so I don't need specific client settings based on the possible attributes.

yes can see it now, lab was 8.08...  

 

Is there a limit on how many GP IP pools we can configure on PA-5250s on PAN-OS 9.0? I am looking for 50 IP pool subnets. Is that possible?

Screen Shot 2020-04-13 at 8.36.27 PM.png
