GlobalProtect client does not perform network discovery when it switches from external to internal network

Created On 03/15/19 10:34 AM - Last Modified 01/17/24 22:22 PM


Symptom


  • The GlobalProtect client establishes an IPSec tunnel with the internal gateway through an internal Wi-Fi network.
  • The user switches to an external Wi-Fi network.
  • GlobalProtect performs network discovery, prompts for the MFA passcode, and establishes a new IPSec tunnel after authentication.
  • The user switches networks again, from the external Wi-Fi back to the internal Wi-Fi.
  • GlobalProtect does not perform another network discovery and stays connected to the external gateway.


Environment


  • GlobalProtect (GP) App
  • Supported client versions
  • GP Gateway


Cause


  • If a user switches from an external network to an internal network before the "Automatic Restoration of VPN Connection Timeout" value expires, GlobalProtect does not perform network discovery.
  • As a result, GlobalProtect restores the connection to the last known external gateway.
  • To trigger an immediate internal host detection, select "Refresh Connection" in the GP App settings.


Resolution


  1. This is expected behavior.
  2. To trigger network discovery immediately upon a network change, set the value of Automatic Restoration of VPN Connection Timeout to 0.
  3. With this value, network discovery is also triggered by any network or route change event, such as switching Wi-Fi networks, a Wi-Fi network going down, connecting to a docking station, or an adapter being turned on or off.

