- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-02-2025 10:39 AM
Hi Friends,
Recently i am facing configuration issue with related to Global Protect.
The customer has an ISP line connected to a router, and from the router, it's connected to a Palo Alto firewall.
Now, the customer wants to use GlobalProtect, and I’ve completed all the basic configurations. However, I am encountering an issue while adding the external gateway.
The problem is that the ISP team has provided two different subnets of IPs: one for LAN and another for Public IPs. The public IPs are configured on the router, and the customer is using the LAN IPs provided by the ISP team to connect the router to the Palo Alto firewall.
Which IP range should I use to make GlobalProtect functional and operational?
For reference I am attaching a rough diagram of the topology.
Kindly suggest me on how to make it work.
Thanks and Regards
Monica Shree
03-03-2025 05:55 AM
As your Palo don't have access to public IPs you will configure GlobalProtect on interface with IP 10.254.10.2.
In public DNS you need to use real (public) IP for GlobalProtect record.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!