This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who rated this post

adabar
L0 Member

‎08-05-2021 04:57 PM

Some replies here have unintended side effects that lead us down a different path:

 

GP adds "on-link" host routes for itself on the "main" ethernet interface when it connects.
Our workaround was a PS script to add a similar host route (via the WSL adapter virtual ethernet).

 

e.g. during our test when
- the WSL host had an IP of 172.25.175.245
- netstat showed interface #20  "Hyper-V Virtual Ethernet Adapter #2"  held our WSL network
- GlobalProtect's tunnel host route had a metric of 256 (though I imagine any value greater than 1 will do)

 

we got it working by adding
- route add 172.25.175.245 mask 255.255.255.255 172.25.175.245 metric 256 if 20

 

Without the route, WSL seems to be treated as coming from a local LAN (which is not allowed by configuration) rather than the local host.

Adding the route "fixes" that.

 

Ideally I should be able to direct GP to treat more than 1 interface as local on a multi-homed host.
Lacking that, we schedule scripts on interface up/down events.

(1)
Who rated this post
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks