GlobalProtect Portal Internal Gateway Not Filtering by Source IP Address

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
L0 Member
No ratings

Symptoms

 

While configuring internal gateway settings under Global Protect portal, you can choose to filter which users can connect to the Internal gateway by source IP address. However, when configuring that option users from other source IPs not listed in the configuration are still able to connect to the internal gateway. 

Diagnosis

 

Configuring source IP address will not take effect if Internal Host Detection is configured and enabled. Users will always connect to the Internal gateway if their Global Protect app can resolve the IP to DNS name using reverse DNS lookup and the source address will be be considered in this case.

 

khanna_1-1647303510192.png

Solution

 

Turn Off Internal Host Detection and configure source IP address for all subnets allowed to connect to the Internal Gateway, a security policy is also required to allow user source IPs to connect to the Internal Gateway IP address.

 

khanna_2-1647303593054.png

 

Rate this article:
(1)
Comments
L1 Bithead

Thanks, Karam.  That's very helpful.

 
  • 7005 Views
  • 1 comments
  • 1 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎03-31-2022 10:52 AM
Updated by: