cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Who rated this post

Hey @serge.kovalev ,

By default GlobalProtect will add host route /32 for the IP assigned from the GP IP pool and one for the DNS server (if GP is configured to assign any). As @TomYoung suggest it seems you are using split-tunnel so the GP connect machines doesn't actually have routes for the GP network and don't know how to reach the other GP clients. This would different story if you are using full-tunnel, in this case GP will install default route poiniting to the tunnel so will not matter that there is no specific route for GP pool.

 

You should be able to confirm this by:

- Connect the 'client' machine to GP VPN

- Check host routing table (assuming it is Windows) by running "route print" in cmd/powershell prompt.

- On the firewall you should see specific routes for each IP assigned from the pool pointing to the tunnel associated with the GP gateway.

 

 

View solution in original post

Who rated this post