Will GlobalProtect users remain connected if the IP pool is removed or changed from gateway configuration?

Will GlobalProtect users remain connected if the IP pool is removed or changed from gateway configuration?

8419
Created On 04/13/20 15:37 PM - Last Modified 09/11/21 02:49 AM


Question


Will GlobalProtect users remain connected if the IP pool is removed or changed from gateway configuration?

Environment


  • Palo Alto Firewall.
  • PAN-OS 8.1 and above.
  • Global Protect Gateway configured.

Answer


Users who are already connected to gateway will retain the same private address from the previous IP pool and will not be disconnected until connection is refreshed from GP agent.


 

Additional Information


Check the example below to confirm the above mentioned behavior.

Before changes user is connected with 192.134.0.13 private IP assigned by gateway IP pool:

User-added image


After configuration changed commit, user is still connected with same IP and can access all configured resources through firewall:

User-added image
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPabCAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language