GlobalProtect
Advanced Internal Host Detection
Table of Contents
Advanced Internal Host Detection
Software Support: Starting with GlobalProtect™
app 6.1. Requires content release version 8615-7549.
OS Support: Windows 10, ARM64-Based Windows 10, macOS 11 and later releases, and ARM-Based
macOS 11 and later releases, and Linux, iOS, and
Android.
You can now configure advanced internal host
detection through the portal if you want to add an extra security
layer during internal host detection by the GlobalProtect app. With
the advanced internal host detection, the app validates the server
certificate of the internal gateways in addition to performing a
reverse DNS lookup of the internal host to determine whether the
app is inside the enterprise network.
Enabling the advanced
internal host detection stops malicious actors from spoofing the
reverse DNS server response during the internal host detection and
thereby prevents unauthorized access to the endpoints in the enterprise
network. When you enable the advanced internal host detection through
the portal and the user logs in to the GlobalProtect app, the workflow
looks as follows:
When a
user attempts to log in with advanced internal host detection enabled,
the GlobalProtect app is considered as inside the enterprise network
only when:
- The reverse DNS lookup of an internal host using the specified IP address to the hostname is successful during the internal host detection process.
- The app successfully validates the server certificate of at least one of the configured internal gateways.
If
the advanced internal host detection fails, the endpoint is considered
as outside the network and the app performs a network discovery
to connect to the best available external gateway.
By default,
advanced internal host detection is disabled.
- Ensure that the GlobalProtect internal gateway is configured.
- Ensure that the internal host detection is configured through the portal.
- Enable advanced internal host detection.
- Select .
- Select the portal configuration to which you are adding the agent configuration, and then select the Agent tab and select the desired agent configuration.
- Select App. The App Configurations
area displays the app settings with default values that you can
customize for each agent configuration.
- In the App Configurations area, set Enable Advance Internal Host Detection to Yes to add an additional security layer during the internal host detection by the app.
- Click OK and commit the changes.
- View the logs to verify
that advanced internal host detection is configured through portal.
- Verify the GlobalProtect logs for
advanced internal hosting detection for GlobalProtect app troubleshooting.
To view the logs:
- From the firewall hosting the portal, select
- Filter for advanced internal host detection to view the following events on the GlobalProtect logs page.
- Advanced Internal Host Detection successful
- Advanced Internal Host Detection failed
You can also view the advanced internal host detection related events in the PanGPS logs. - Verify the advanced internal host detection events
in the PanGPS logs. The PanGPS log displays the following events when:
- Advanced Internal Host Detection is enabled.Advanced IHD is yes
- Advanced Internal Host Detection is not enabled.Advanced IHD is no
- Advanced Internal Host Detection setting does not exist in portal configuration.Advanced IHD is not enabled
- Advanced Internal Host Detection fails and GlobalProtect falls back to external network discovery.Advanced IHD failed. Fallback to external network discovery.
- Advanced Internal Host Detection is enabled and Internal Host Detection is resolved to internal network.Skip setting network discovery ready for Advanced IHD.
- Server certificate validation is successful for at least one internal gateway.Set network ready to internal network for Advanced IHD.
- Verify the GlobalProtect logs for
advanced internal hosting detection for GlobalProtect app troubleshooting.
To view the logs:
