GlobalProtect client does not perform network discovery when it switches from external to internal network
Created On 03/15/19 10:34 AM - Last Modified 01/17/24 22:22 PM
Symptom
- The GlobalProtect client establishes an IPSec tunnel with the internal gateway through an internal Wi-Fi network.
- The user changes the network to an external Wi-Fi network.
- GlobalProtect performs network discovery, prompts for an MFA passcode, and establishes a new IPSec tunnel after authentication.
- The user changes the network again, from the external Wi-Fi back to the internal Wi-Fi.
- GlobalProtect now does not perform another network discovery and stays connected to the external gateway.
Environment
- GlobalProtect (GP) App
- Supported client versions
- GP Gateway
Cause
- If a user switches from an external network to an internal network before the "Automatic Restoration of VPN Connection Timeout" value expires, GlobalProtect does not perform network discovery.
- As a result, GlobalProtect restores the connection to the last known external gateway.
- To trigger an immediate internal host detection, select "Refresh Connection" in the GP App settings.
Resolution
- This is expected behavior.
- To trigger immediate network discovery upon a network change, set the value of Automatic Restoration of VPN Connection Timeout to 0.
- This also triggers network discovery on any network or route change event, such as switching Wi-Fi networks, a Wi-Fi network going down, connecting to a docking station, or an adapter being turned on or off.