04-07-2021 01:29 PM
Hi All,
I recently configured an HA pair of 3220s for Global Protect. I have the firewalls handing out IPs from the 192.168.124.0/22 network. The clients can connect and get the correct IPs but are not able to reach internal resources. This same IP range had been setup on a pair of 5250s and I believe I had everything setup for this to work on the new 3220s but for some reason it is not working.
I can see that the 3220s have routes for everything on our network and can reach them as well as the outside world. I'm not sure what else to check on the Global Protect gateway. Any ideas?
04-07-2021 01:38 PM
Hello @Brett-Welch
Do you have a route on your internal network for 192.168.124.0/22 pointing to the firewall?
04-07-2021 02:55 PM
So that was a partial solution to the problem. I didn't realize that there had been some static routes that had been set to point to the 5250s where this was previously set up. I adjusted the static routes to point to the new 3220s and I am now able to ping the internal DNS and do NS Lookups via the internal DNS but cannot resolve over http to internal sites it seems and when I set a static on the VPN adapter, I can no longer ping the internal DNS or do nslookups.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
