Cannot use VPN client on ethernet connected device if Hardware NAT is enabled

    I also have this issue. I use Palo Alto GlobalProtect for work, and I noticed that the VPN tunnel stopped receiving incoming packets after I upgraded to Amplifi v3.3.0. This bug is present in 3.4.0 and the current 3.4.1 as well. I can connect perfectly fine to VPN if I unplug ethernet and just go wireless.

    After some long troubleshooting, I decided to disable Hardware NAT on the Amplifi and, like magic, I was able to receive incoming packets again on my VPN client when on ethernet! If I toggle Hardware NAT on again, the VPN connection will stop receiving incoming packets.

    This has been working fine for many, many months and I have been running 3.1.2 (I think Oct 2019?) during that time. No issue with Hardware NAT enabled and VPN clients tunneling over ethernet.

    Could this please be looked into and resolved? I have gigabit service and would like to continue to take advantage of the full speed, but if I have to leave Hardware NAT disabled to do my work I'm only going to get about 200Mbps. TL;DR: bug not present in 3.1.2, seems to be present in 3.3.0, 3.4.0, and 3.4.1. I tried to perform a firmware rollback but the lowest I can go back to is 3.3.0! Argh!

    Is there a way I can downgrade my firmware manually to 3.1.2 again?


  • Just want to +1 that this is still an active, painful issue.

    My company uses GlobalProtect as well, and some update of Amplifi years back caused this to happen. Turning Hardware NAT off helps, but then I lose ethernet performance.

    My other VPN clients aren't vulnerable to this. And, because toggling Hardware NAT on/off on Amplifi reproduces the issue, it seems to be a clear issue with Amplifi, not the GlobalProtect VPN software.

