topic Re: GlobalProtect SSL error in GlobalProtect Discussions

GlobalProtect SSL error

thetechknowg — Wed, 09 Feb 2022 17:03:33 GMT

(P19520-T11728)Dump (1338): 02/09/22 16:16:12:010 SSL_connect: initialization (P19520-T11728)Dump (1338): 02/09/22 16:16:12:010 SSL_connect: write client hello A (P19520-T11728)Dump (1355): 02/09/22 16:16:12:059 SSL_connect:error in SSLv2/v3 read server hello A (P19520-T11728)Debug( 324): 02/09/22 16:16:12:059 SSL connect failed (P19520-T11728)Debug( 60): 02/09/22 16:16:12:059 detailed SSL error info: (P19520-T11728)Debug( 801): 02/09/22 16:16:12:059 connect() failed (P19520-T11728)Dump ( 822): 02/09/22 16:16:12:059 Disconnect tcp socket

Hello,

Please can someone help me with this GlobalProtect error. The logs don't seem to show any detailed SSL error information. It is blank. I can let you know what I have tried, bearing in mind this is a test portal + gateway, we have a production portal + gateway on the same PA-5220 that works perfectly fine.

Both GP and GW certs have been reissued just in-case
Tried 3 different GP clients (5.0.5, 5.2.5 and 5.2.10).

What else can I do to help with the troubleshooting process.

Please and thank you

Re: GlobalProtect SSL error

BPry — Thu, 10 Feb 2022 04:03:43 GMT

@thetechknowg,

Looks like GlobalProtects logging is cutting off the error number that would/should be getting returned. I would use openssl to validate that you can complete the handshake properly from the same client outside of the Globalprotect Agent. My guess is that this isn't really a Globalprotect Agent issue and you'll see the same handshake failure in your openssl test.

Re: GlobalProtect SSL error

thetechknowg — Thu, 10 Feb 2022 16:35:40 GMT

Thanks BPry, I'll see if we can get this test in place.