GlobalProtect Client Shows "Connected You are on the internal corporate network" but There is no IP Address-to-Username Mapping of the User

GlobalProtect Client Shows "Connected You are on the internal corporate network" but There is no IP Address-to-Username Mapping of the User

8971
Created On 07/02/24 05:31 AM - Last Modified 01/17/25 21:37 PM


Symptom


  • GlobalProtect App shows "Connected You are on the internal corporate network".
  • There is no IP address-to-username mapping of the user in User-ID log sourced from GP.
  • User traffic is not matching the intended user-based security policy.


image.png

Environment


  • GlobalProtect (GP) App
  • GP App Versions 6.0.8 or later / 6.1.3 or later / 6.2.3 or later
  • Internal Host Detection
  • Internal Gateway(s)

Cause


  • When GP App shows "Connected You are on the internal corporate network", it means the internal host detection has been completed.
  • The message does not mean client is authenticated to internal gateway.

Resolution


Ensure the GP App is authenticated to internal gateway from Host Information Profile. Follow the procedure below for verification.

  1. If the GP App is authenticated to internal gateway, Host Information Profile > More Details shows information about internal gateway such as last check-in time, gateway name and authentication status for each of internal gateway the client is successfully authenticated to.
    image.png

 

  1. If the GP App is not authenticated to internal gateway but Internal Host Detection is successful, Host Information Profile >  More Details does not show information about the internal gateway.
    image.png

Additional Information


GlobalProtect for Internal HIP Checking and User-Based Access
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000010zAWCAY&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language