- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-02-2019 10:42 PM
Hi
Can any one explain the difference between the ip pools
a) Global protect / gateways ... external gateway / agent / Client ip pool
vs
b) Global protect / gateways ... external gateway / agent / client setting / ip pool
so for
a) I can't reference an object .. thats annoying
b) I get the pool is just for that setup, I do like having 1 pool of the gateway.
Currently I have a object defined which is a range which is attached to b), but I am thinking of moving to a) so that I can have different configs but just 1 ip pool
whats the use case for these different setups
05-05-2019 11:23 AM
Hi @Alex_Samad
There are two options so that you can either specify a general IP pool for the GP gateway or specific IP pools for example for different OS, user(groups) and/or source IPs/regions.
As long as a general IP pool is configured the IP pool option in the client setting is greyed out.
@Mick_Ball what version are you running? According to the documentation it is already possible as described by @Alex_Samad since PAN-OS 8.0. Right now I had only a PAN-OS 9.0 firewall in my homelab.
05-03-2019 01:44 AM
@Alex_Samad , Hi.
I can reference a) Global protect / gateways ... external gateway / agent / Client ip pool
/Network/GlobalProtect/Gateways/Agent/Client settings/Configs/IP pools
But I cannot find b) Global protect / gateways ... external gateway / agent / client setting / ip pool
05-03-2019 02:38 PM - edited 05-03-2019 03:09 PM
click network on top tab
global / protect
gateways
<select an external gateway>
Select agent on the left
across the top you should have
Client IP Pool <<< This is A
Client setting
Select client setting
you have a table of configs
<select a config>
across the top is ip pools << This is B
05-05-2019 11:23 AM
Hi @Alex_Samad
There are two options so that you can either specify a general IP pool for the GP gateway or specific IP pools for example for different OS, user(groups) and/or source IPs/regions.
As long as a general IP pool is configured the IP pool option in the client setting is greyed out.
@Mick_Ball what version are you running? According to the documentation it is already possible as described by @Alex_Samad since PAN-OS 8.0. Right now I had only a PAN-OS 9.0 firewall in my homelab.
05-06-2019 02:17 AM
Hi
@Mick_Ball sorry I didn't orignally see the SS, wasn't using the web interface.
I'm on 8.1.5
@Remo so which is the prefered ?
I do like at the gateway level not the config level
05-06-2019 03:48 AM
@Alex_Samad wrote:@Remo so which is the prefered ?
I don't know. I personally prefer the general IP pool as I have multiple gateways för different use cases - so I don't need specific client settings based on the possible attributes.
05-06-2019 03:58 AM
yes can see it now, lab was 8.08...
04-13-2020 05:45 PM
Is there a limit on how many GP IP Pools we can configure on PA-5250s on PAN-OS 9.0 ? I am looking for 50 IP Pool subnets. Is that possible?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!