GlobalProtect Client Stuck at Connecting when Workstation is on the Local Network
When users whose computers installed with GlobalProtect Client are on the internal network, they are not able to successfully connect to the GlobalProtect Gateway or Portal. Whereas, users attempting to connect from the Internet work fine.
- Global Protect
The most common situation is when the GlobalProtect Client users on the internal network attempt to connect to the gateway or portal on the external interface. The communication fails because the firewall identifies the communication as internal to external zone communication and the firewall chooses the outbound NAT rule which translates the source address of the packet to the external interface IP address. Since, the destination in the packet is already the IP address of the external interface the packet now appears to have the same source and destination IP address which would create an unintentional LAN attack, thus the Palo Alto Networks firewalls drops these sessions.
See the following link for more information: Unable to Connect to or Ping a Firewall Interface