when connected to global protect VPN unable to see other devices on network

Reply
Highlighted
L4 Transporter

when connected to global protect VPN unable to see other devices on network

when connected to global protect VPN unable to see other devices on network

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
Highlighted
L1 Bithead

Re: when connected to global protect VPN unable to see other devices on network

is Internet connnectivity established when you connect the link ???

Highlighted
L4 Transporter

Re: when connected to global protect VPN unable to see other devices on network

Yes Interent is fine, i am able to connect to global protect Gateway also , able to access intranet resources.

Only thing is unable to access local resources like local printer etc.

 

Thanks in Advance.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
Highlighted
Community Team Member

Re: when connected to global protect VPN unable to see other devices on network

Hi @MandarKulkarni,

 

Did you disable access to the local subnet ?

 

Disable access to local networkDisable access to local network

 

Depending on your PAN-OS version :

 

PAN-OS 7.0 : Network tab > GlobalProtect > Gateways > <Your Gateway> > Client Configuration > Network Settings > <Your Config> > Network Settings

 

PAN-OS 7.1 : Network tab > GlobalProtect > Gateways > <Your Gateway> > Agent > Client Settings > <Your Config> > Network Settings

 

If that's the case then this article might be useful for you :

GlobalProtect Disable Local Subnet Access

 

I hope this helps,

-Kim.

Highlighted
L4 Transporter

Re: when connected to global protect VPN unable to see other devices on network

Thanks Kim

 

But we have enabled that feature. still local network is not accessible.

 

 

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
Highlighted
Community Team Member

Re: when connected to global protect VPN unable to see other devices on network

Did you mean disabled ? If the checkbox is checked, then you won't have access to your local resources.

 

If you want access to your local network, the option needs to be disabled (= not checked).

 

Hope this helps,

-Kim.

 

 

Highlighted
L4 Transporter

Re: when connected to global protect VPN unable to see other devices on network

it is not checked .

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
Highlighted
Community Team Member

Re: when connected to global protect VPN unable to see other devices on network

Hi,

 

Any access routes configured ?

I'd check my routing table when connected.  Are you egressing the expected interface while connected ?

 

-Kim.

Highlighted
L4 Transporter

Re: when connected to global protect VPN unable to see other devices on network

yes Egress interface is correct.

and I can see local routes learned gateway type On-link.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 | CCIE-SEC-Attempted
Highlighted
L3 Networker

Re: when connected to global protect VPN unable to see other devices on network

Hi, 

 

As its a gp connection its probably arriving on a different zone. Do you have rules in place to allow the traffic ? 

Enable the interzone logging rule and set it to log at session end. Do you see the traffic hit this rule ? 

Replicate trying to access machines on the network and filter by the user in the traffic logs , ping a screenshot up as a reply .. 

 

also make sure no denies hitting the threat logs or url logs .. 

 

kind regards

 

robert D 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!