Using GP on with multiple vsys' and a shared gateway?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using GP on with multiple vsys' and a shared gateway?

L0 Member

I have to be missing something completely logical here. We just deployed our pair of PA-5050's and I am in the process of setting up what I thought was going to be a simple GP VPN for remote management use.

When setting up the gateway and portal, it only gives me the option to use the local trusted interface for that vsys. In prior, smaller scale deployments, I always thought the external untrusted IP went here, but I believe it is unavailable due to the fact it is assigned to a shared gateway.


I attempted to create a static nat with an available IP and NAT it to the internal trusted interface on that vsys that was used in the GP Portal/GW config, however I receive no Global Protect login prompt, just an immediate "no data received" and the GP client errors out immediately.

Am I missing something completely logical and apparent here? I combed through the PAN-OS admin documentation but couldn't find anything addressing these scenario.

Thanks in advance for any thoughts.

1 accepted solution

Accepted Solutions

L0 Member

Figured it out. Missed an IP address within the GP gateway config beneath the interface selection. Knew it was something crazy simple. All good now.

View solution in original post

1 REPLY 1

L0 Member

Figured it out. Missed an IP address within the GP gateway config beneath the interface selection. Knew it was something crazy simple. All good now.

  • 1 accepted solution
  • 1795 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!