Hello Experts, Can you please clarify if Non-tunnel mode provide packet encryption, or just HIP/User-ID for the gateway? Does the traffic goes in from GlobalProtect (laptop) to GlobalProtect gateway (firewall) in non-tunnel mode setup? If it is encrypted, how much of IP header retained, is it just IP or ports are in clear as well? It is not clear from the documentation: Internal —An internal gateway is an interface on the internal network that is configured as a GlobalProtect gateway and applies security policies for internal resource access. When used in conjunction with User-ID and/or HIP checks, an internal gateway can be used to provide a secure, accurate method of identifying and controlling traffic based on user and/or device state. Internal gateways are useful in sensitive environments where authenticated access to critical resources is required. You can configure an internal gateway in either tunnel mode or non-tunnel mode. The GlobalProtect app connects to the internal gateway after performing internal host detection to determine the location of the endpoint. References: https://docs.paloaltonetworks.com/globalprotect/8-1/globalprotect-admin/globalprotect-gateways/globalprotect-gateway-concepts/types-of-gateways.html https://docs.paloaltonetworks.com/globalprotect/10-0/globalprotect-admin/globalprotect-quick-configs/mixed-internal-and-external-gateway-configuration.html
... View more