https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-internal-gateway-quot-not-connected-quot/m-p/542675#M4027 <P>I have a PA-440 running 10.2.3-h4.&nbsp; I have a working external GlobalProtect gateway and created an internal gateway.&nbsp; I have enabled "Internal Host Detection" added the internal gateway information to the config of the portal.&nbsp; After trying to connect, the main GlobalProtect screen shows "Not Connected" with "Select the portal to connect and secure access to your applications and the internet.", however, the "Settings" screen shows "Connected - Internal".&nbsp; I do not see any user information in the firewalls for this client connection, however the GlobalProtect logs show successful authenication.&nbsp; Any idea why this would be happening?</P> Fri, 19 May 2023 02:48:46 GMT jwalls 2023-05-19T02:48:46Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-internal-gateway-quot-not-connected-quot/m-p/542675#M4027 <P>I have a PA-440 running 10.2.3-h4.&nbsp; I have a working external GlobalProtect gateway and created an internal gateway.&nbsp; I have enabled "Internal Host Detection" added the internal gateway information to the config of the portal.&nbsp; After trying to connect, the main GlobalProtect screen shows "Not Connected" with "Select the portal to connect and secure access to your applications and the internet.", however, the "Settings" screen shows "Connected - Internal".&nbsp; I do not see any user information in the firewalls for this client connection, however the GlobalProtect logs show successful authenication.&nbsp; Any idea why this would be happening?</P> Fri, 19 May 2023 02:48:46 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-internal-gateway-quot-not-connected-quot/m-p/542675#M4027 jwalls 2023-05-19T02:48:46Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-internal-gateway-quot-not-connected-quot/m-p/542714#M4028 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15403">@jwalls</a> ,</P> <P>The logs you have provided shows that client is connecting and authenticating to the portal, but no logs from the internal gateway. You should see successfull authentication from internal gatway if connection is successful. </P> <P>&nbsp;</P> <P>Have you checked if traffic is allowed? Traffic from GP client to GP portal/gateway is also passing the policy. In general the default intra-zone rule would allow this (inside user to inside interface), but I would suggest you to first start by confirming that FW is allowing the traffic to the internal gateway.</P> <P>- Check traffic logs filtering by the internal gateway IP</P> <P>&nbsp;</P> <P>From the client screenshots it looks like the internal host detection is working fine, but to confirm you can check GP logs. </P> <P>- Check the logs "PanGPS.log" and "pan_gp_events.log". Here are some resources that might help you:</P> <P><A href="https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000ClUk" target="_blank">https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000ClUk</A></P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaLCAS" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaLCAS</A></P> <P>&nbsp;</P> <P>Last episode of PANCast by <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/53844">@jarena</a>&nbsp; can also help you - <A href="https://live.paloaltonetworks.com/t5/pancast/pancast-episode-17-globalprotect-connections-and-troubleshooting/ta-p/541325" target="_blank">https://live.paloaltonetworks.com/t5/pancast/pancast-episode-17-globalprotect-connections-and-troubleshooting/ta-p/541325</A></P> <P>&nbsp;</P> Fri, 19 May 2023 07:53:30 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-internal-gateway-quot-not-connected-quot/m-p/542714#M4028 aleksandar.astardzhiev 2023-05-19T07:53:30Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-internal-gateway-quot-not-connected-quot/m-p/543098#M4035 <P>Thanks!&nbsp; I dug into those logs a little deeper an saw: P1370-T31867 05/23/2023 14:34:24:869 Error(3312): Received DNS reverse lookup response error -65554</P> <P>My Reverse DNS was not working properly for my internal gateway. Once I corrected that it is working perfect!</P> Tue, 23 May 2023 20:22:46 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-internal-gateway-quot-not-connected-quot/m-p/543098#M4035 jwalls 2023-05-23T20:22:46Z