How to run GlobalProtect on an IP Address Other than the One Configured on Interface

How to run GlobalProtect on an IP Address Other than the One Configured on Interface

29756
Created On 09/25/18 17:46 PM - Last Modified 06/16/23 17:05 PM


Symptom


For this scenario, the IP address 192.168.200.1/24 is configured on ethernet1/4 and the user wants to run GlobalProtect on the IP address 192.168.200.2:
ethernet1/4

Resolution


There are two ways to achieve this:

  1. Configure the IP address 192.168.200.2 on the interface itself as 192.168.200.2/32:SSLVPN_2.JPG
    Now, select this IP address in the GlobalProtect configuration after selecting interface ethernet1/4.
  2. The second option is to terminate GlobalProtect on the loopback interface and create a NAT policy to perform a destination NAT from 192.168.200.2 to the loopback IP address.

 

Additional Information


HOW TO CREATE AND VIEW NAT POLICIES USING THE CLI
RESOURCE LIST: SECURITY POLICY CONFIGURING AND TROUBLESHOOTING
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJH&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language