Global Protect for Google Chrome Client connects successfully but unable to connect to the internet- assigned IP 100.115.92.2

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Global Protect for Google Chrome Client connects successfully but unable to connect to the internet- assigned IP 100.115.92.2

L1 Bithead

Our Google Chrome client are not able to access any network resources including the internet after connecting to Global Protect app. I noticed that the following IP address was assigned 100.115.92.2 as opposed to the expected IP address from the configured pool subnet.

It appears as though there is some kind of segregation on the Google Chrome side- is there something I should be doing differently?

5 REPLIES 5

Cyber Elite
Cyber Elite

Hello,

I would start by checking the traffic logs to see if/where the traffic is getting blocked.

Regards,

L1 Bithead

Thanks,

I actually did check the logs before making this post- the traffic appears not to be making it to the firewall due to the weird assigned IP address of 100.115.92.2.

The current connected client list shows the correct assigned IP address on the firewall but there is no traffic matching this expected IP in the traffic log.

L6 Presenter

The IP 100.115.92.2 is a private CGNAT address range (all of 100.64.0.0/10 in fact). This IP space is typically used by cell providers and large consumer networks with customers behind a Carrier-Grade NAT (instead of using 10.0.0.0, 172.16.0.0, etc.). A 100.115.x.x is not internet routable, the internet IP will be something else.

L7 Applicator

have you tried overiding the interzone-default policy and set logging to session start.  this will show any explicit denies by the Palo.

you could also run tracepath on the local device to see if it's heading the right way...

 

L1 Bithead

Thanks everyone- I am looking for a way to stop Google Chrome from assigning the IP address 100.115.92.2. I have tested every other endpoint (iPhone, MacBook, Windows) successfully.

  • 1472 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!