Assign Fixed IP Address to Global Protect Users with ldap+radius

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Assign Fixed IP Address to Global Protect Users with ldap+radius

L2 Linker

Hi all,

I've tried to assign a static ip address to global protect connection using this kb https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UkxCAE but it doesn't work.

The support says that if we have ldap auth for username/password and radius authentication for 2fa it can't work.

If this method really can't work, I've set the registry key as explained here https://docs.paloaltonetworks.com/globalprotect/4-1/globalprotect-app-new-features/new-features-rele...

 

But this static ip is defined on the client, so the firewall could have already set this ip to another user.

Is correct to define an ip pool different from the network of the static ip address? It seems working but just to know if anyone has done this configuration before.

 

For example:

- ip pool 192.168.100.0/24

- fixed ip address 192.168.101.1

 

I think that 

- if a user doesn't have the registry key, it will take an address of the pool 192.168.100.0/24

- if a user has the key set, can take the address set in the registry key without having override problem

 

Is that correct?

 

Thanks!

 

0 REPLIES 0
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!