GlobalProtect app fails to detect Internal Network with Internal Host Detection enabled

GlobalProtect app fails to detect Internal Network with Internal Host Detection enabled

Created On 09/26/18 13:50 PM - Last Modified 01/26/22 20:59 PM


GlobalProtect app fails to detect if it is in the internal to the corporate network when Internal Host Detection is enabled.


  • GlobalProtect app
  • Windows clients
  • macOS clients


Once the GlobalProtect app has successfully connected to portal and downloaded its agent configuration, it performs network discovery during which it checks if Internal Host Detection is configured or not. If configured, GlobalProtect app will attempt a reverse DNS lookup using the specified IP address to the specified hostname. In either case (failure or success), an entry would be made in the PanGPS.log file about the reverse DNS lookup result. If it fails, please check the following for troubleshooting Internal Host Detection issues:

  1. Check the following article for common DNS query response errors in PanGPS.log file
    Most Common DNS Query Responses for Internal Host Detection

  2. Run below command from the affected machine to check if the reverse DNS lookup returns the hostname that matches the hostname configured under Internal tab of GlobalProtect portal agent configuration

    ping -a <IP-address>
  3. The specified IP address does not have to be reachable internally. GlobalProtect app only verifies by reverse DNS lookup, not by pinging the IP address
  4. Hostname is case-sensitive. Please make sure that hostname in the PTR record matches exactly to the GlobalProtect portal agent configured hostname
  5. When no hostname is returned, kindly check if the internal DNS server(s) have the PTR record and has been configured with the specified IP address

Additional Information

Internal Host Detection is not supported when the Connect Method is On-Demand

  • Print
  • Copy Link

Choose Language