06-14-2023 02:25 AM - edited 06-14-2023 02:51 AM
Hello,
I have an issue with Global protect connection for our customer.
They are trying to connect via external PC/network and are having issues.
When they are trying fomr internal PC/network they have no issues at all.
I have a log from Global Protect app that customer send me.
Can you guys help me what could be the issue here ? I am running out of ideas. If you need more screen shots or logs from Palo Alto I can provide.
06-14-2023 05:39 AM
You try to connect to GlobalProtect from inside or outside the network?
Portal and gateway run on same interface on Palo?
Portal loads when you try to access it with browser from same computer?
06-14-2023 05:50 AM
Hello Raido,
1/ When trying to connect from customer network it is working. When trying to connect via external network it is not working. They told me thay have some external PCs that they tried and not working. Right now they need a external consultant to be able to connect to Global Protect VPN and he cannot.
2/ Yes both run on same interface on Palo Alto.
3/ I tried from my personnal PC to get to vpnb.xxxxxxxxx.xx.com and was able to load the page. Tried from my work PC and same was able to load the vpnb.xxxxxx.xx.com web page.
To add some info
a/ Before 23.5.2023 the external user was able to connect via external PC.
b/ We discovered with server gus that the Azure MFA certificate on that RADIUS server expired on 21.5.2023 so we renew it ( around 2nd of June ) as we thouoght this was the issue.
c/ since 23.5.2023 the user is having issues to connect.
Attaching another screen with user. Right now I think maybe it should work after the certificate renewal but looks like he locked himself on LDAP right now ?
06-14-2023 05:57 AM
From last screenshot.
Portal login is with LDAP.
Gateway login is with RADIUS.
After 23.05 RADIUS gives timeout.
Go to Monitor > System and filter ( subtype eq auth ) evets.
From Monitor > Traffic check if traffic is sent to RADIUS IP (in case this traffic passes Palo) and if there are return packets.
If packets are sent but not returned then next step is to check RADIUS logs why it don't accept logins.
06-14-2023 06:21 AM
Hello Raido,
Thank you for the info:
I am attaching log from system monitor. So yeah looks like RADIUS server suddenly stopped working.
Becasue as you can see from picture it was all working and something happened to it.
And one more thing. Server guys do not know why but the NPA event viewer is 0. There is no log in it.
And I found this in the event logs :
This is from 12.05.2023 last time the user was able to connect without issues:
NPS Extension for Azure MFA: CID: edbe2393-a7fb-4287-bf4d-064c8870798c : Access Accepted for user rpa with Azure MFA response: Success and message: session 31057c66-4c0c-4f2d-8064-e7041572e131
And very first failure try from 23.05.2023
NPS Extension for Azure MFA: IP Whitelist not intialized:: ErrorCode:: REGISTRY_CONFIG_ERROR Msg:: Neither registry entry not default value found for key: IP_WHITELIST Enter ERROR_CODE @ https://go.microsoft.com/fwlink/?linkid=846827 for detailed troubleshooting steps. . This is not an error.
As I mentioned we renewed certificate on the RADIUS server for Azure MFA.
06-14-2023 07:28 AM
If NPS don't log then try "auditpol /set /subcategory:”Network Policy Server” /success:enable /failure:enable"
https://travelingpacket.com/2022/03/02/microsoft-nps-logs-not-showing-in-event-viewer/
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
