https://live.paloaltonetworks.com/t5/globalprotect-discussions/can-t-access-firewall-while-connected-to-gp/m-p/594562#M5656 <P>Hi Everyone,</P> <P>&nbsp;</P> <P>We have a working GP setup and our users connect to the VPN without issues. However, when trying to access the firewall via its management IP while connected to the GP, we cannot reach the firewall. Other network resources specified in the access routes are reachable. Here are the troubleshooting steps I conducted:</P> <P>&nbsp;</P> <P>1. Ping, SSH, Access through HTTPS the MGMT IP of Firewall: <STRONG>Fail</STRONG></P> <P>2. I made sure that the Interface MGMT Settings have the remote user's IP is included in the permitted IP address. (HTTPS, SSH, PING also ticked)</P> <P>3. I made sure that the Firewall's Mgmt IP is included in the Split Tunnel - Access Route configuration in the GP Configurations (As well as in the Security Policy in Destination Addr.)</P> <P>4. I checked the logs, specifying the source addr and destination addr, it says "allow" but it shows Application Incomplete when accessing the GUI of Firewall.</P> <P>5. I made sure that there is a route from the remote user to the IP Addr of the Firewall by using "route print"</P> <P>6. I also tried disabling the local windows defender firewall of the remote user, disabling the IPv6 of the PANGP Network Adapter, and tried manually installing different versions of GP App. Result:&nbsp;<STRONG>Fail</STRONG></P> <P>&nbsp;</P> <P>Are there any missing steps that I haven't tried yet?</P> Sat, 10 Aug 2024 00:27:10 GMT zedexxx 2024-08-10T00:27:10Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/can-t-access-firewall-while-connected-to-gp/m-p/594562#M5656 <P>Hi Everyone,</P> <P>&nbsp;</P> <P>We have a working GP setup and our users connect to the VPN without issues. However, when trying to access the firewall via its management IP while connected to the GP, we cannot reach the firewall. Other network resources specified in the access routes are reachable. Here are the troubleshooting steps I conducted:</P> <P>&nbsp;</P> <P>1. Ping, SSH, Access through HTTPS the MGMT IP of Firewall: <STRONG>Fail</STRONG></P> <P>2. I made sure that the Interface MGMT Settings have the remote user's IP is included in the permitted IP address. (HTTPS, SSH, PING also ticked)</P> <P>3. I made sure that the Firewall's Mgmt IP is included in the Split Tunnel - Access Route configuration in the GP Configurations (As well as in the Security Policy in Destination Addr.)</P> <P>4. I checked the logs, specifying the source addr and destination addr, it says "allow" but it shows Application Incomplete when accessing the GUI of Firewall.</P> <P>5. I made sure that there is a route from the remote user to the IP Addr of the Firewall by using "route print"</P> <P>6. I also tried disabling the local windows defender firewall of the remote user, disabling the IPv6 of the PANGP Network Adapter, and tried manually installing different versions of GP App. Result:&nbsp;<STRONG>Fail</STRONG></P> <P>&nbsp;</P> <P>Are there any missing steps that I haven't tried yet?</P> Sat, 10 Aug 2024 00:27:10 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/can-t-access-firewall-while-connected-to-gp/m-p/594562#M5656 zedexxx 2024-08-10T00:27:10Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/can-t-access-firewall-while-connected-to-gp/m-p/594832#M5671 <P>Verify the routing between the your management interface subnet and the Vpn subnet. Even though the mgmt interface is part of the firewall it won't act as data interface.</P> <P>&nbsp;</P> <P>If the application shows as incomplete there is no tcp handshake between the source and destination.&nbsp;</P> <P>&nbsp;</P> <P>Run the tcpdump in the mgmt interface and try to access to verify the traffic is reaching to the respective interface. Refer below kb for packet capture on mgmt interface.&nbsp;</P> <P>&nbsp;</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleECAS" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleECAS</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 14 Aug 2024 01:40:25 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/can-t-access-firewall-while-connected-to-gp/m-p/594832#M5671 Edsnow 2024-08-14T01:40:25Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/can-t-access-firewall-while-connected-to-gp/m-p/594967#M5674 <P>Thanks for your response,</P> <P>&nbsp;</P> <P>The issue is now solved. Turns out that we had to adjust our pbf policies.</P> Thu, 15 Aug 2024 01:57:50 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/can-t-access-firewall-while-connected-to-gp/m-p/594967#M5674 zedexxx 2024-08-15T01:57:50Z