GlobalProtect Clients Home IP's showing up in DNS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect Clients Home IP's showing up in DNS

L2 Linker

Like many organizations, we have had to enable VPN access for more individuals during the COVID-19 crisis. We recently noticed that about half of the 42 machines display their home's local LAN IP address in our DNS server. This is in addition to the IP address that GlobalProtect issues. One of my sysadmins pointed out a way to fix this is to disable the Register this connection's addresses in DNS feature on the Ethernet or wireless NIC adapter in Windows 10 (not the PANGP adapter). This would stop the adapter from sending the 192.168.x.x IP to our DNS server and adding it to the A record. 

nic setting.png

 

Is there another way to get around this? 

1 accepted solution

Accepted Solutions

I've posted this on a couple forums now, and it seems like this is an issue regardless of which VPN solution you use. That option to register this connection's address in DNS is a default option in our Windows 10 image. We got around it by looking up the GP IP for the user, edit our hosts file entry with the GP IP and the FQDN, and then issuing the following commands to remotely connect to the computer and uncheck that DNS option. We eventually put this into a script, and now a GPO.

 

#Connect remotely to multiple computers using admin Account
Enter-PSSession –ComputerName mycomputername –Credential domain\username

 

#Check to see if DNS registry option is checked

Get-NetAdapter Ethernet | Get-DNSClient
Get-NetAdapter Wi-Fi | Get-DNSClient

#Sets the DNS Registry option on Ethernet interface to False (turns off)

Get-NetAdapter Ethernet | Set-DNSClient –RegisterThisConnectionsAddress $False
Get-NetAdapter Wi-Fi| Set-DNSClient –RegisterThisConnectionsAddress $False

 

#Force ipconfig /registerdns

Register-DnsClient

View solution in original post

3 REPLIES 3

L4 Transporter

Hi Fr4nk4,

 

Please go through this link to remove the local IP from dns record: https://support.microsoft.com/en-us/help/2933537/clearing-the-register-this-connection-s-addresses-i...

 

I am not sure of another way to do this. What made you select that option in the first place?

I've posted this on a couple forums now, and it seems like this is an issue regardless of which VPN solution you use. That option to register this connection's address in DNS is a default option in our Windows 10 image. We got around it by looking up the GP IP for the user, edit our hosts file entry with the GP IP and the FQDN, and then issuing the following commands to remotely connect to the computer and uncheck that DNS option. We eventually put this into a script, and now a GPO.

 

#Connect remotely to multiple computers using admin Account
Enter-PSSession –ComputerName mycomputername –Credential domain\username

 

#Check to see if DNS registry option is checked

Get-NetAdapter Ethernet | Get-DNSClient
Get-NetAdapter Wi-Fi | Get-DNSClient

#Sets the DNS Registry option on Ethernet interface to False (turns off)

Get-NetAdapter Ethernet | Set-DNSClient –RegisterThisConnectionsAddress $False
Get-NetAdapter Wi-Fi| Set-DNSClient –RegisterThisConnectionsAddress $False

 

#Force ipconfig /registerdns

Register-DnsClient

L1 Bithead

HiGuys,

I have a client and they want to keep the "Register this connection's addresses in DNS" option enabled as they want to use WIFI provided addresses when workers are in office and use GP provided address when working from home. Is there any other way to fix duplicate IP problem on DNS server.

 

 

  • 1 accepted solution
  • 10251 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!