04-21-2023 04:22 AM
I have an existing setup of Global protect Portal and gateway on first Firewall, I have created a New gateway on another Firewall and added that gateway to the portal of first firewall under Agent---> External gateway.
When I am connecting to Global protect from the app i am getting an IP address from the pool of first gateway which is the older one but not the new one which I have configured.
04-21-2023 05:35 AM
Check "Manual" checkbox on External Gateway tab.
This allows you manually choose which gateway you want to connect to.
Otherwise GlobalProtect app will look at priority and latency.
If gateway priority is same then app will connect to gateway with lowest latency.
04-21-2023 10:10 AM - edited 04-21-2023 10:12 AM
Note that the way the gateway selection algorithm works, the "Highest", "High", and "Medium" priorities are essentially the same. Assuming all gateways are reachable, it falls purely to the calculated latency as to which is selected by the client. If none of those are available then it selects from the "Low" and "Lowest" priorities based on latency. You can see the calculated latencies in the PanGPS.log file on the client under Troubleshooting.
04-21-2023 10:17 AM
Gateway priority/latency selection logic:
https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000ClVz
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
