GlobalProtect Users and Internal Resources


Created On 09/25/18 19:36 PM - Last Modified 02/08/19 00:02 AM


Sometimes, even if the configuration is correct, GlobalProtect users are unable to access internal resources. This can happen because the subnet assigned to GlobalProtect is already used somewhere else in the network, or because there is a routing issue.




A workaround is to put the tunnel interface used in the GlobalProtect configuration in a different zone (GP-VPN) and apply source NAT to the desired traffic. Make sure you have a security policy to allow the traffic.


Following is the topology:


GlobalProtect users are in the GP-VPN zone, servers are in the DMZ-L3 zone, and internal hosts are in the Trust-L3 zone.




If you are trying to access resources in the DMZ-L3 zone, configure a source NAT rule from GP-VPN to DMZ-L3.




Security policy:
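
The workaround above written as PAN-OS configure-mode `set` commands. This is an added example, not configuration taken from the original article. It assumes a single-vsys firewall, and the tunnel interface `tunnel.1`, DMZ interface `ethernet1/3`, server subnet `10.10.20.0/24`, rule names and allowed applications are constructed values to replace with your own. Lines starting with `#` are annotations, not commands.

```text
# 1. Put the GlobalProtect tunnel interface in its own zone (GP-VPN).
#    If tunnel.1 is still a member of another zone, remove it from that zone first.
set zone GP-VPN network layer3 tunnel.1

# 2. Source NAT for GP-VPN -> DMZ-L3, translating to the firewall's DMZ interface
#    address. Servers then reply to a directly connected address, so an
#    overlapping or unrouted GlobalProtect pool no longer breaks return traffic.
set rulebase nat rules GP-to-DMZ-SNAT from GP-VPN to DMZ-L3 source any destination 10.10.20.0/24 service any
set rulebase nat rules GP-to-DMZ-SNAT source-translation dynamic-ip-and-port interface-address interface ethernet1/3

# 3. Security policy allowing the traffic, scoped to the server subnet and to
#    named applications rather than any/any.
set rulebase security rules Allow-GP-to-DMZ from GP-VPN to DMZ-L3 source any destination 10.10.20.0/24
set rulebase security rules Allow-GP-to-DMZ application [ ssl web-browsing ] service application-default action allow
set rulebase security rules Allow-GP-to-DMZ log-end yes

commit
```

With source NAT in place the DMZ servers see the firewall's interface address as the client, so per-user attribution has to come from the firewall's traffic logs rather than from server-side logs.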

