Trying to understand why GP is assigning static IPs to GP clients. We are running GP 5.2.5 and the clients are getting assigned with static IPs, they are able to connect fine without any problem for now but one of the employee when she is working remotely had an issue with GP not having gateway address in there. I was able to get her going by putting GP gateway address in it. But not sure if this is normal or how this works. Any help would be appreciated.
Your question isn't entirely clear. When a client connects to the gateway they are assigned a preferred IP, and absent a few conditions they will continue to utilize that preferred IP for any further connections. That is expected and totally normal behavior.
To be clear however, this is not the same as assigning a static IP to that endpoint. If you start running out of addresses in your address pool, the firewall will start re-assigning addresses from disconnected clients. So while addresses do largely stay the same when clients connect, it's not actually static and a number of conditions can get the client to pull a new address.
Hope that's clear enough and what you're actually asking about.
So, the scenario was something like this, One of the employee when she connected to VPN, she was not able to access the internet at all. But when disconnected from VPN everything works perfectly normal. Remaining all 80 users currently are doing fine without any problems. Now, when I checked her computer (Win 10), she had a virtual adapter installed and when I looked up at IPv4 settings of it, saw the GP IP was set to static with /32 subnet and no gateway in place. So, when I entered the gateway information her internet was working fine. So, no idea if the GP was supposed to have static or DHCP.
Sounds like something with the users route table got screwed up. This can happen depending on your agent settings and if you have IP overlap between the users local network and your enterprise network.
GlobalProtect by design doesn't assign a gateway to the virtual adapter and will always show a /32. It installs routes into the route table to handle the actual traffic routing so the endpoint knows how to route traffic. There's some instances where you can see this type of behavior when the local network overlaps your enterprise network depending on how you have certain options configured (such as any split-tunneling or allowing local LAN access when connected to GlobalProtect) which would cause the behavior that this user was experiencing.
Yes, you are kind of getting closer. So, we do have a split tunneling in place. It has our enterprise networks included which makes if the destination IP is one of the IP which we included in split tunnel will cause it to travel from the tunnel, remaining all traffic travels from their local ISP. Now, for some reason I saw 192.168 network included in the split tunnel which is not part of our network And her local ISP had gateway with 192.168.1.1. So, I removed that network from our split tunnel and committed the changes but still it was causing her problems accessing internet until I put in tunnel gateway IP in there.
Now, that being said, There might be n number of users that might have their local LAN in 192.168 right, I wonder why it happened particularly with her.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!