To force client to switch to internal network


L4 Transporter

Hello all

We have mobile clients with GP which use corporate notebooks at home. The user logon option was configured to force the notebook to connect through GP when it connects to home Wi-Fi.

 

When the same worker comes back to the workplace and plugs in the Ethernet cable, they still use the same GP network.

Is there any way to force the client notebook to recognize the internal network and not use GP with the user logon option in place?

22 REPLIES 22

L3 Networker

Please do verify if you have any routing issues/firewall block within the internal network for connecting to your portal public IP. Access to the GP portal will work irrespective of client location (either internal network or from the internet) until it is reachable.

 

@Rajesh12

@Mick_Ball

 

So in order to connect to the outside IP, I have to configure it as a gateway under internal host detection?

No, the internal host detection should be something that is on your internal network and resolvable by DNS.

 

So if you have a domain controller called ad.mynet.com and its address is 10.10.10.1, then put it in the internal host detection settings.

 

It does not have to be a server; anything that exists on your LAN will suffice.

 

But you need to confirm you can still see the external portal address from the LAN.

 

Can you browse to it from your LAN?

 

@Mick_Ball

Mike, I guess we must configure split DNS in order to connect to the same FQDN whether we are inside the LAN or outside.

It is not best practice to connect to your outside IP through your gateway device.

In GP there is an internal gateway. I guess the internal gateway is the method by which you can connect to the portal through your internal gateway.

When you use internal host detection you do not need to connect to a gateway.

 

You only connect to the portal to get your portal config.

 

When you get your portal configuration from your external address, the GP client does a quick test on the settings you have for internal host detection.

 

If it detects the internal host, then the GP client stops trying to connect and you get a little house in your GP icon.

 

So to confirm... you do not need internal gateways for internal host detection.

 

You do not need split DNS. What happens when you browse to your external portal address from your LAN?

@Mick_Ball
I have only one public IP with NAT. And I cannot ping this public IP from the internal side. I need to go out and then come back again somehow to ping my external IP.

When you ping the URL, I know it fails, but is it resolving to an IP address?

I recently stood up GP in my company following the same general setup you have.

 

We do certificate-based authentication for everything (internal and external portals).

 

 

We are always on

No split-tunneling

Use internal host detection

Use pre-login

Use an internal gateway (but don't force internal traffic through the gateway)

Certificate-based authentication to internal and external GWs (this allows for no user interaction to connect)

We have an internal PKI which signs our GW/Portal certs and issues machine certs

 

We have no issues with users connecting at home or in the office. If your users aren't even connecting, it sounds like you have something wrong with authentication.

 

If they're connecting to the external GW when they're internal it sounds like you have a timer issue.

 
