03-05-2020 05:25 PM
Hi All,
I was working with a site that has a PA firewall with a GP Portal and Gateway. Some time ago, I had an issue where my users couldn't upgrade their GlobalProtect version while in the office. I was able to resolve this issue by creating a No NAT rule where the source was internal and the destination was the IP of the portal. That works as expected.
I'm now working with another site that has a GP Portal/Gateway on the firewall. I created the same No NAT rule, but these users are still not able to upgrade internally; they are not prompted. They are not even able to hit the web portal. The difference in this site is they are using a dual ISP setup. This is set up using PBF. e1/1 is the primary ISP, so there is the typical PBF rule for external traffic to forward out e1/1. I'm not sure if the issue is related to PBF. Has anyone come across this issue?
03-06-2020 01:28 AM
Hi,
Please make sure that the users have an exception in the PBF rule, so they will be led to the public interface with the GP portal.
Otherwise they will be forced to the wrong public interface.
Regards
Chacko
03-06-2020 10:23 AM
Not sure I'm clear what you mean? The GP Portal is the IP of the e1/1 interface. The PBF rule states if you go from source internal to external, forward to e1/1.
I tried creating a no PBF rule for the specific GP IP, but then that made things worse.
03-06-2020 01:39 PM
Is there a security policy allowing ssl and panos-global-protect from your inside zone to the zone/address of the portal?
03-23-2020 10:16 AM
I was able to resolve this by excluding the GP portal from the PBF rule and then creating a static route on the VR.