We have a client with Global Protect Pre-logon, which assigns different IP pools to the Pre-logon user than to the known client.
Sometimes we see the connection get the Pri-logon IP and then switch to the known client IP, but other times we see it hang onto the Pre-logon address.
Firewall PAN-OS 8.1.15-h3
Client version 5.1.5
Any suggestions on where to look to figure out why it is inconsistent are appreciated.
We concluded that Global Protect was behaving as designed since the documentation we found indicated that for Windows machines, the tunnel would be renamed from pre-logon to the known user. The client changed his rulebase to apply rules based on user-id rather than ip range and as far as I know, this is working. It is not entirely satisfying, but as far as I can tell, this may just be the way gp works.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!