How to run GlobalProtect on an IP Address Other than the One Configured on Interface

How to run GlobalProtect on an IP Address Other than the One Configured on Interface

41343
Created On 09/25/18 17:46 PM - Last Modified 03/13/26 20:47 PM


Objective


For this scenario, the IP address 192.168.200.1/24 is configured on ethernet1/3 and the user wants to run GlobalProtect on the IP address 192.168.200.2:

Interface Configuration 

Environment


  • Next-Gen Firewalls
  • Supported PAN-OS
  • GlobalProtect

Procedure


There are two ways to achieve this:

  1. Configure the IP address 192.168.200.2/32 as additional IP on the interface 1/3.

Interface configuration with Secondary IP

  1. Now, select this IP address in the GlobalProtect configuration after selecting interface ethernet1/3.
  2. The second option is to terminate GlobalProtect on the loopback interface and create a NAT policy to perform a destination NAT from 192.168.200.2 to the loopback IP address.

 

Additional Information


How to create and view NAT Policies using the CLI
Resource List: Security Policy Configuring and Troubleshooting
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJHCA0&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language