Palo Alto Networks Knowledgebase: Running GlobalProtect on an IP Address Other than the One Configured on Interface
Running GlobalProtect on an IP Address Other than the One Configured on Interface
Created On 02/07/19 23:55 PM - Last Updated 02/07/19 23:56 PM
For this scenario, the IP address 192.168.200.1/24 is configured on ethernet1/4 and the user wants to run GlobalProtect on the IP address 192.168.200.2:
There are two options to achieve this:
Configure the IP address 192.168.200.2 on the interface itself as 192.168.200.2/32: Now, select this IP address in the GlobalProtect configuration after selecting interface ethernet1/4.
The second option is to terminate GlobalProtect on the loopback interface and create a NAT policy to perform a destination NAT from 192.168.200.2 to the loopback IP address. See the following link for more information on creating a NAT policy: How to create NAT and Security Policies from the CLI