Palo Alto Networks Knowledgebase: Running GlobalProtect on an IP Address Other than the One Configured on Interface

Running GlobalProtect on an IP Address Other than the One Configured on Interface

5362
Created On 02/07/19 23:55 PM - Last Updated 02/07/19 23:56 PM
VPNs
Resolution

Details

For this scenario, the IP address 192.168.200.1/24 is configured on ethernet1/4 and the user wants to run GlobalProtect on the IP address 192.168.200.2:

SSLVPN_1.JPG

 

Steps

There are two options to achieve this:

  1. Configure the IP address 192.168.200.2 on the interface itself as 192.168.200.2/32:SSLVPN_2.JPG
    Now, select this IP address in the GlobalProtect configuration after selecting interface ethernet1/4.
  2. The second option is to terminate GlobalProtect on the loopback interface and create a NAT policy to perform a destination NAT from 192.168.200.2 to the loopback IP address.
    See the following link for more information on creating a NAT policy: How to create NAT and Security Policies from the CLI

 

See Also

Fundamentals Guide: Security Policies

How to Create a NAT Rule on the CLI

 

owner: csharma



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJHCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language