When your remote users rely on both the GlobalProtect app and a third-party VPN client, the applications can conflict, leading to issues with User-ID recognition. Traditionally, if the third-party VPN establishes its tunnel before the GlobalProtect app can complete its internal host detection process, the User-ID mapping fails, causing policy enforcement problems. This prevents you from maintaining consistent, user-based security policies for all traffic.

To resolve this complex interoperability challenge, the GlobalProtect app, starting with version 6.3.1 and later releases, introduces the Enable Intelligent Internal Host Detection parameter. This parameter ensures that identification functions work seamlessly alongside external network agents.

When you enable the Intelligent Internal Host Detection parameter, the GlobalProtect app detects the presence of the third-party VPN agent. The application then re-triggers the network discovery processes until the Internal Host Detection is successfully completed. This capability ensures that User-ID mapping and appropriate internal security policies are applied, regardless of the order in which the 3rd party VPN tunnels are established. This functionality eliminates gaps in user-specific policy enforcement when your users rely on external VPNs for accessing private applications.

For information on how to enable this parameter, see Customize the GobalProtect app.