To force client to switch to internal network


L4 Transporter

Hello all

We have mobile clients with GP which use corporate notebooks at home. The user logon option was configured to force the notebook to connect through GP when it connects to home Wi-Fi.

 

When the same worker comes back to the workplace and plugs in the Ethernet cable, they still use the same GP network.

Is there any way to force the client notebook to recognize the internal network and not use GP with the user logon option in place?

22 REPLIES 22

L3 Networker

Hello @Radmin_85

 

You can configure an internal gateway (without tunnel mode) and make use of 'Internal Host Detection' in the agent configuration to determine whether the host is within the network or outside the network.

 

You can find more information at the link below.

 

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/globalprotect/network-gl...

 

Hello @Rajesh12

Yes, we did it, but the problem is that when PA tries to connect to that gateway (without tunnel mode) it asks for a certificate, and when we use the same certificate (company certificate) which we use to connect to PA from the outside network (which is OK), it says Bad request.

So as I understand it, the host could not reach the portal even to see the internal host identification, and that is why it cannot recognize the internal network.

Can you post a screenshot of your agent/gateways setting?

Sorry, just read all your post. Do you know why you're getting the cert error?

 

Yes, the client still connects to the portal before internal host detection.

 

 

@Mick_Ball

I guess I cannot even connect to the portal either.

Because normally when I type the internal gateway in the browser, I must get to the page where I usually download the GP agent app. But I cannot even do that. It asks for a certificate, and then when I use the certificate it says bad request.

Everything is OK when I do it outside the network, but the problem is when I try to connect inside the corporate network.

Not sure what you mean by internal gateway! You do not need one for internal host detection.

 

Here is my setup.

 

inthost.png

@Mick_Ball

You have not given the address pool?

You do not need one for internal host detection.

@Mick_Ball

I created an extra internal gateway without tunnel mode. That is what I mean.

So do you actually use internal gateways, or are you just adding them for internal host detection?

@Mick_Ball just added it for internal host detection.

You do not need it for internal host detection. Remove it.

@Mick_Ball

The problem is that

In the GP application there is an option which says that when the user takes the corporate notebook and goes home to connect to home Wi-Fi and to work, he must connect to the GP portal first; otherwise you cannot get access to anything, even the Internet, from home.

When that user comes back to the office and connects his notebook to the corporate LAN, he gets the local network IP address but at the same time tries to connect to the GP portal (because of user logon). So it cannot connect to the outside IP, and that is why the user cannot get access to anywhere even though it got the local IP address from DHCP.

So there must be some mechanism: when the user connects his laptop to the internal LAN in the office, it must recognize the local network and must connect to another gateway. I guess that must be the internal gateway.

Why can't your users connect to the portal (outside IP) when they are connected to the internal LAN? Are you blocking it?
