when connected to global protect VPN unable to see other devices on network

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

when connected to global protect VPN unable to see other devices on network

L4 Transporter

when connected to global protect VPN unable to see other devices on network

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |
9 REPLIES 9

L1 Bithead

is Internet connnectivity established when you connect the link ???

Yes Interent is fine, i am able to connect to global protect Gateway also , able to access intranet resources.

Only thing is unable to access local resources like local printer etc.

 

Thanks in Advance.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |

Community Team Member

Hi @fatboy1607,

 

Did you disable access to the local subnet ?

 

Disable access to local networkDisable access to local network

 

Depending on your PAN-OS version :

 

PAN-OS 7.0 : Network tab > GlobalProtect > Gateways > <Your Gateway> > Client Configuration > Network Settings > <Your Config> > Network Settings

 

PAN-OS 7.1 : Network tab > GlobalProtect > Gateways > <Your Gateway> > Agent > Client Settings > <Your Config> > Network Settings

 

If that's the case then this article might be useful for you :

GlobalProtect Disable Local Subnet Access

 

I hope this helps,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Thanks Kim

 

But we have enabled that feature. still local network is not accessible.

 

 

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |

Community Team Member

Did you mean disabled ? If the checkbox is checked, then you won't have access to your local resources.

 

If you want access to your local network, the option needs to be disabled (= not checked).

 

Hope this helps,

-Kim.

 

 

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

it is not checked .

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |

Community Team Member

Hi,

 

Any access routes configured ?

I'd check my routing table when connected.  Are you egressing the expected interface while connected ?

 

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

yes Egress interface is correct.

and I can see local routes learned gateway type On-link.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |

Hi, 

 

As its a gp connection its probably arriving on a different zone. Do you have rules in place to allow the traffic ? 

Enable the interzone logging rule and set it to log at session end. Do you see the traffic hit this rule ? 

Replicate trying to access machines on the network and filter by the user in the traffic logs , ping a screenshot up as a reply .. 

 

also make sure no denies hitting the threat logs or url logs .. 

 

kind regards

 

robert D 

  • 4235 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!