GlobalProtect client can't access internal resources


L1 Bithead

PAN OS 8.1.22 / GlobalProtect Agent 6.0.3

 

(1) GlobalProtect has no issue connecting to portal/gateway (Dell Latitude, Windows 11)

(2) Gateway Access Route (split tunnel) (No direct access to local network is UNTICKED) has access to 0.0.0.0/0

(3) Authenticated VPN users are assigned 10.0.1.1-40 addresses

(4) DNS assignment is 192.168.10.10/24 (dc-01.internal.site) - once connected via GP

(5) Internal servers/PCs are manually assigned 192.168.10.0/24 addresses

(6) Internal servers include webserver (192.168.10.60), email (192.168.10.90), file transfer (192.168.10.91), DC also DNS (192.168.10.10) and other workstations (PCs)

(7) These servers could be pinged and reached via their DNS names or IP addresses when GP is connected

(8) There is no extra configuration to the 'hosts' file from the GP Client PCs

 

CHANGES

(1) I configured and added a VM Hypervisor 6 on a Dell PowerEdge R230

(2) Management of Virtual Host is via GBport 1 with IP 192.168.1.180 (connected to internet)

(3) GBPort 2 is connected to 'Internal Network' (as described above to the network 192.168.10.0/24)

      - GBPort 2 is passthru to the Internal Network to be used by virtual machines

(4) I added 2 virtual machines ZIMBRA (192.168.10.81) & OWNCLOUD (192.168.10.80)

     - the machines have 2 network adapters assigned (internet and internal)

(5) From these 2 machines I can access the internet and INTERNAL network, no problem

(6) I have added the DNS of these 2 machines to the DNS server

(7) From a workstation (within the INTERNAL network), I can ping both Zimbra/Owncloud via their IP and domain names

     - I can also access the webpage of Zimbra and Owncloud

     - can send and receive emails

     - can download and upload from/to Owncloud server

(8) Firewall policy had been amended to include IP address of Zimbra and Owncloud

 

PROBLEM

- however, both Zimbra and Owncloud servers could not be accessed from GlobalProtect clients (as mentioned above, other resources could be reached)

- both servers could not be pinged or reached

- nslookup showed dc-01.internal.site and 192.168.10.10 (can be reached)

 

Any help will be greatly appreciated

 

1 REPLY

L1 Bithead

zimbra

- /etc/hostname = zimbra.internal.site

- /etc/hosts = 192.168.10.81 zimbra.internal.site

- /run/systemd/resolve/resolv.conf

  (nameserver 192.168.10.10 / nameserver 192.168.1.1 / search localdomain)

owncloud

- /etc/hostname = owncloud.internal.site

- /etc/hosts = 192.168.10.80 owncloud.internal.site

- /run/systemd/resolve/resolv.conf

  (nameserver 192.168.10.10 / nameserver 192.168.1.1)

 
