I was working with a site that has a PA firewall with a GP Portal and Gateway. Some time ago, I had an issue where my users couldn't upgrade their GlobalProtect version while in the office. I was able to resolve this issue by creating a No NAT rule where the source was internal and the destination was the IP of the portal. That works as expected.
I'm now working with another site that has a GP Portal/Gateway on the firewall. I created the same No NAT rule, but these users are still not able to upgrade internally; they are not prompted. They are not even able to hit the web portal. The difference in this site is they are using a dual ISP setup. This is set up using PBF. e1/1 is the primary ISP, so there is the typical PBF rule for external traffic to forward out e1/1. I'm not sure if the issue is related to PBF. Has anyone come across this issue?
Please make sure that the users have an exception in the PBF rule, so they will be led to the public interface with the GP portal.
Otherwise they will be forced to the wrong public interface.
Not sure I'm clear what you mean? The GP Portal is the IP of the e1/1 interface. The PBF rule states that if you go from source internal to external, forward to e1/1.
I tried creating a no PBF rule for the specific GP IP, but then that made things worse.