Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
10-16-2019 02:15 PM
We've been troubleshooting some issues encountered when using the "Enforce GlobalProtect Connection for Network Access" option in our portal agent configuration. Our TAC engineer mentioned that he had seen a setting called "Allow traffic to specified hosts/networks when Enforce GlobalProtect Connection for Network Access is enabled and GlobalProtect Connection is not established" in 8.1, but didn't see it in 9.0. (The setting should allow certain hosts to be exempted from the enforced use of GP.) However, today I noticed it in the portal config for the first time (we just updated to 9.0.4 last week). I tried putting in an IP address for the parameter value, and also using the whole subnet w/ mask. However, it didn't work to allow access to those hosts.
I can't seem to find documentation for this parameter anywhere! I've looked in the offline help in Panorama, v 8.1 and v 9.0 GlobalProtect administrator's guide, searching on this forum, and searching Google in general. The TAC engineer didn't even have documentation for this. Does anyone know the syntax, or how to get it to work?
