Assigning an Interface with a DHCP IP Address as the Portal/Gateway GlobalProtect IP

Assigning an Interface with a DHCP IP Address as the Portal/Gateway GlobalProtect IP

Created On 09/25/18 17:39 PM - Last Modified 05/21/20 15:52 PM

  • Unable to select an IP address for the interface being used by the GlobalProtect Portal and/or Gateway when the interface uses DHCP

  • PAN-OS 9.0+ (Starting in PAN-OS 5.0)
  • GlobalProtect Portal
  • GlobalProtect Gateway

  • Due to the nature of the Palo Alto Networks firewall, we are unable to specify an IP address for the GlobalProtect Portals and Gateways whenever the interface being used participates in DHCP.

  1. When you have an interface set to DHCP, that interface can be selected to be used by GlobalProtect for the Portal and/or Gateway, however, the IP address remains as None
  2. When using an interface that receives its IP address dynamically, you are unable to select an IP address when configuring that interface as a GlobalProtect Portal and/or Gateway. However, the dataplane will automatically use the dynamically assigned IP address of that interface when the user connects.
  3. If the interface were to renew its DHCP lease and receive a different IP address, the configuration would become invalid and GlobalProtect would not function if the firewall allowed us to specify the dynamically assigned address.


  • Below is a screenshot displaying the option of None in the dropdown selection for ethernet1/1 IP address as it uses DHCP.

Note: This is found by navigating to Networks > GlobalProtect > Gateways > Select your Gateway > General

Snapshot displaying the missing IP address of DHCP interface ethernet 1/1


Additional Information
For additional information regarding the configuration of GlobalProtect and its features, please refer to the following documentation:

  • Print
  • Copy Link

Choose Language