To force client to switch to internal network

Showing results for 
Search instead for 
Did you mean: 

To force client to switch to internal network

L4 Transporter

Hello all

we have mobile clients with GP which use corporate notebooks at home .It was configured user logon option to force the notebook to connect through GP when it connects to home WI-FI


When the same worker comes back to workplace and plugged in the ethernet cable they still use the same GP network

Is there any way to force the client notebook to recognize the internal network and dont use GP  with user logon option in place?


L3 Networker

Hello @Radmin_85


You can configure internal gateway (without tunnel mode) and make use of 'Internal Host Detection' in agent configuration to determine if host is within the network or outside the network.


You can find more information in the below link.


hello @Rajesh12

Yes we did it but the problem is when PA try to connect to that gateway (without tunnel mode) it asks for certificate and we use the same certificate (company certificate) which we use to connect to  PA outside  network (which is ok) it says Bad request

So as i understand the host could not reach to portal even to see the internal host identification and that is why can not recognize internal network

can you post a screen shot of your agent/gateways setting.

sorry just read all your post. do you know why your getting the cert error.


yesy the client still connects to the portal befor internal host detection.




i guess i even can not connect to Portal too

Because normally when i type in browser the internal gateway i must get into the page where i usually download the GP agent app.But i even can not do it.It ask for certificate and then when i use certificate it says bad request

IT is everything ok when i do it outside the network,But the problem is when i try to connect inside the corporate network

Not sure what you mean by internal gateway!  you do not need one for internal host detection.


here is my setup.




you have not give the address pool?

you do not need one for internal host detection.


I created an extra internal gateway without tunnel mode.That is what i mean

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!