11-14-2018 12:31 AM - edited 11-14-2018 12:53 AM
Hello all
we have mobile clients with GP which use corporate notebooks at home .It was configured user logon option to force the notebook to connect through GP when it connects to home WI-FI
When the same worker comes back to workplace and plugged in the ethernet cable they still use the same GP network
Is there any way to force the client notebook to recognize the internal network and dont use GP with user logon option in place?
11-14-2018 07:09 PM
Please do verify if you have any routing issues/firewall block with in internal network for connecting to your portal public IP. Access to GP portal will work irrespective of client location (either internal network or from internet) until it is reachable.
11-14-2018 10:34 PM
So in order to connect to outside IP i have to configure it as gateway under internal host detection ?
11-14-2018 11:23 PM - edited 11-14-2018 11:25 PM
No, the internal host detection should be something that is on your internal network an resolvable by DNS.
so if you have a domain controller called ad.mynet.com and its address is 10.10.10.1 then put it in the internal host detection settings.
it does not have to be a server, anything that exists on your lan will suffice.
but you need to confirm you can srill see external portal address from lan.
can you browse to it from your lan.
11-15-2018 11:37 AM
Mike i guess we must configure split DNS in order to connect to the same FQDN whether we are inside the LAN or outside
It is not best practice to connect to your outside ip through your gateway device.
In GP there is internal Gateway.I guess the internal gateway is the method by which you can connect to portal through your internal gateway
11-15-2018 10:46 PM
When you use internal host detection you do not need to connect to a gateway.
you only connect to the portal to get your portal config..
when you get your portal configuration from your external address the GP clien does a quick test on the settings you have for internal host detection.
if it detects the internal host Then GP client stops trying to connect and you get a little house in your GP icon.
so to confirm.... you do not need internal gateways for internal host detection.
you do not need split DNS. What happens when you browse to your external portal address from your lan.
11-15-2018 11:15 PM
11-15-2018 11:25 PM
When you ping the url, i know it fails but is it resolving to an ip address.
11-21-2018 05:38 AM
I recently stood up GP in my company following the same general setup you have.
We do certificate based authentication for everything (Internal and External portals).
We are always on
No split-tunneling
Use internal host detection
Use pre-login
Use an internal gateway (but don't force interal traffic through the gateway)
Certificate base authentication to internal and external GWs (This allows for no user interaction to connect)
We have an internal PKI which signs our GW/Portal certs and issues machine certs
We have no issues with user connecting at home or in the office. If your users aren't even connecting it sounds like you have somethign wrong if authentication.
If they're connecting to the external GW when they're internal it sounds like you have a timer issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
