GlobalProtect Portal Internal Gateway Not Filtering by Source IP Address

Showing results for 
Show  only  | Search instead for 
Did you mean: 
L0 Member
No ratings



While configuring internal gateway settings under Global Protect portal, you can choose to filter which users can connect to the Internal gateway by source IP address. However, when configuring that option users from other source IPs not listed in the configuration are still able to connect to the internal gateway. 



Configuring source IP address will not take effect if Internal Host Detection is configured and enabled. Users will always connect to the Internal gateway if their Global Protect app can resolve the IP to DNS name using reverse DNS lookup and the source address will be be considered in this case.





Turn Off Internal Host Detection and configure source IP address for all subnets allowed to connect to the Internal Gateway, a security policy is also required to allow user source IPs to connect to the Internal Gateway IP address.




Rate this article:
L1 Bithead

Thanks, Karam.  That's very helpful.

Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎03-31-2022 10:52 AM
Updated by: