I'm hoping that someone from PAN Support or Development can answer this question. I have been fighting with this for weeks now and have narrowed the problem down to the GP Portal service.

Scenario:

I have a PA-200 in my lab with two Layer3 interfaces defined. The Internal L3 interface has a Static IP for the local network, while the other L3 interface gets its IP Dynamically from the Comcast ISP. I configured my GlobalProtect Portal & External Gateway to use the L3 interface that is dynamically addressed.

From the Public side, users can access the Portal and Gateway just fine. From the local network, users cannot access the Portal or Gateway, even though I have configured my Source-NAT to not NAT traffic sourced from the LAN destined for the Public IP address.

Now, here's where it gets weird. I have other computers on my local network that have Public DNS names, so I've created U-Turn NATs to access these devices. Everything works great! I even took away the GP Portal & Gateway from the Public IP interface and tried NATting traffic for the Portal & Gateway to Loopback addresses. Same problem, even worse. Not even users from the Public side can connect to the Portal & Gateway while the Public IP is dynamically assigned.

When I make the Public interface a Static IP address, everything, including the GP Portal & Gateway NATted to the loopback, works great. There seems to be an issue with the GP Portal & Gateway service when trying to connect if the IPs are dynamically assigned on the interface they are bound to or being NATted from.

Can someone in PAN Support or Development please shed some light on this issue?

Thanks,
Jeff