Global Protec

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protec

L1 Bithead

We are migrating from Cisco any connect to Global protect. From our cisco any connect all SAP applications from Juniper Pulse VPN are working. However when we connect on Global protect all SAP applications are working except The policies are allowed correct and all routes are correct, split tunnels also are set correctly and NAT.

We check the monitor and we verified that routes are correct its just weird that specific route is not seen by our PA


Have you encounter this issue? Any suggestion would greatly appreciated.




L4 Transporter

Hello @weezy 


When you connect by GP, and the DNS that it assigns you, resolves the address of that URL ?

If you do nslookup and query by that FQDN, does it resolve ?


Thinking about the DNS that you have assigned for GP clients to use.



High Sticker

Yes it resolves the address of that URL when I do a NS look up. So just to give you a back ground. Our users from KUL site are using Pulse Secure VPN and Cisco any connect simultaneously and on any connect they can access all the SAP portals. Since we are migrating from any connect to GP we tried to have them to connect on GP and access all the SAP APP and everything works except , the routes are correct, policies are allowed, split tunnel permits the 10/8 address because that portal uses a 10.x.x.x.x network 



OK, Can you try put exactly network of the portal ? for example ?

And then in th GP client check the routes to verified if the route is charging in the routes GP.

In 6.X Gp you can chek in Tshiit, advanced and routing table.

Try put in the split route, exactly route ( example: ), logoff login from gp VPN an then test and check Log monitor, filter source your IP GP.

Try to do a ping a tracert from Client use GP to check if the route is going to another site, device or is looping in a parte of your network.


High Sticker

The 10.x.x.x.x/8 is include on split tunnel and the address of that which is 10.x.x.x.x so technically it should be added. We had same issue with OKI site but we are able to fix it by adding host file for DNS. We already did it for KUL users and it seems that single SAP portal is not working, I have the user to connect on OKI VPN instead since they are configured the same way but still the user wsan't been able to access the SAP portal

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!