topic Re: Unable to reach Palo Alto - Global Protect Portal. in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/unable-to-reach-palo-alto-global-protect-portal/m-p/1241352#M7118 <P>if you just run a continuous ping against your public IP, are you then seeing new sessions being created for ping? could be yourVPC hasn't been set up correctly, or your SG is blocking inbound connections ?</P> Thu, 06 Nov 2025 09:30:09 GMT reaper 2025-11-06T09:30:09Z Unable to reach Palo Alto - Global Protect Portal. https://live.paloaltonetworks.com/t5/globalprotect-discussions/unable-to-reach-palo-alto-global-protect-portal/m-p/1241271#M7115 <P>Hey everyone,<BR />I’m currently deploying a<SPAN>&nbsp;</SPAN><STRONG>GlobalProtect VPN</STRONG><SPAN>&nbsp;</SPAN>on a<SPAN>&nbsp;</SPAN><STRONG>Palo Alto VM-Series</STRONG><SPAN>&nbsp;</SPAN>firewall running<SPAN>&nbsp;</SPAN><STRONG>PAN-OS 10.2.16-h4</STRONG><SPAN>&nbsp;</SPAN>in<SPAN>&nbsp;</SPAN><STRONG>AWS</STRONG>.<BR />Everything seems correctly configured according to the official<SPAN>&nbsp;</SPAN><EM>GlobalProtect Admin Guide</EM><SPAN>&nbsp;</SPAN>(portal, gateway, SSL/TLS certs, interfaces, routes, and security policies), but the portal is still unreachable via browser or<SPAN>&nbsp;</SPAN><CODE>Test-NetConnection</CODE><SPAN>&nbsp;</SPAN>on port 443.</P> <P>Current setup:</P> <UL> <LI> <P><STRONG>Portal interface:</STRONG><SPAN>&nbsp;</SPAN>ethernet1/1 — IP<SPAN>&nbsp;</SPAN><A class="relative pointer-events-auto a cursor-pointer underline " href="http://16.54.17.200/" target="_blank" rel="noopener nofollow noreferrer ugc">16.54.17.200</A>, zone<SPAN>&nbsp;</SPAN><EM>untrust</EM></P> </LI> <LI> <P><STRONG>Gateway interface:</STRONG><SPAN>&nbsp;</SPAN>same (ethernet1/1)</P> </LI> <LI> <P><STRONG>Tunnel interface:</STRONG><SPAN>&nbsp;</SPAN>tunnel.1 — zone<SPAN>&nbsp;</SPAN><EM>corp-vpn</EM></P> </LI> <LI> <P><STRONG>Mgmt profile:</STRONG><SPAN>&nbsp;</SPAN>HTTPS enabled</P> </LI> <LI> <P><STRONG>Security rule:</STRONG><SPAN>&nbsp;</SPAN>allows any from untrust → untrust (for testing)</P> </LI> <LI> <P><STRONG>Certificate:</STRONG><SPAN>&nbsp;</SPAN>self-signed assigned to SSL/TLS profile used by both Portal and Gateway</P> </LI> <LI> <P><STRONG>Routing:</STRONG><SPAN>&nbsp;</SPAN>default VR configured correctly</P> </LI> <LI> <P><STRONG>Processes running:</STRONG><SPAN>&nbsp;</SPAN><CODE>sslvpn_ngx</CODE><SPAN>&nbsp;</SPAN>and<SPAN>&nbsp;</SPAN><CODE>sslmgr</CODE><SPAN>&nbsp;</SPAN>confirmed running</P> </LI> <LI> <P><STRONG>Ping to</STRONG><SPAN>&nbsp;</SPAN><A class="relative pointer-events-auto a cursor-pointer underline " href="http://8.8.8.8/" target="_blank" rel="noopener nofollow noreferrer ugc"><STRONG>8.8.8.8</STRONG></A><SPAN>&nbsp;</SPAN><STRONG>works</STRONG>, but portal (<A class="relative pointer-events-auto a cursor-pointer underline " href="https://16.54.17.200/" target="_blank" rel="noopener nofollow noreferrer ugc">https://16.54.17.200</A><SPAN>&nbsp;</SPAN>or<SPAN>&nbsp;</SPAN><A class="relative pointer-events-auto a cursor-pointer underline " href="https://vpn.trustedgateway.org/" target="_blank" rel="noopener nofollow noreferrer ugc">https://vpn.trustedgateway.org</A>) doesn’t respond.</P> </LI> </UL> <P>What I’ve already tried:</P> <UL> <LI> <P>Restarted web-server, sslmgr, and management-server processes.</P> </LI> <LI> <P>Recreated Portal/Gateway from scratch.</P> </LI> <LI> <P>Verified NAT, Security, and Virtual Router configs.</P> </LI> <LI> <P>Updated PAN-OS from 10.2.13-h4 → 10.2.16-h4 (still same issue).</P> </LI> </UL> <P>Logs:</P> <P>No active sessions on port 443.</P> <P>"admin@PA-VM-CA&gt; show session all filter destination<SPAN>&nbsp;</SPAN><A class="relative pointer-events-auto a cursor-pointer underline " href="http://16.54.17.200/" target="_blank" rel="noopener nofollow noreferrer ugc">16.54.17.200</A><SPAN>&nbsp;</SPAN>destination-port 443</P> <P>No Active Sessions".</P> <P>Question:</P> <P>Has anyone faced a similar issue where the GlobalProtect portal won’t respond on HTTPS, even when the services and config look fine?</P> <P>Could this be related to a PAN-OS bug or certificate binding issue?</P> <P>Any suggestions or debug commands to trace portal traffic at process level would be appreciated.</P> <P>Preciate any help since I cant create a support ticket on Palo alto!.</P> Wed, 05 Nov 2025 16:59:21 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/unable-to-reach-palo-alto-global-protect-portal/m-p/1241271#M7115 asamboni 2025-11-05T16:59:21Z Re: Unable to reach Palo Alto - Global Protect Portal. https://live.paloaltonetworks.com/t5/globalprotect-discussions/unable-to-reach-palo-alto-global-protect-portal/m-p/1241352#M7118 <P>if you just run a continuous ping against your public IP, are you then seeing new sessions being created for ping? could be yourVPC hasn't been set up correctly, or your SG is blocking inbound connections ?</P> Thu, 06 Nov 2025 09:30:09 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/unable-to-reach-palo-alto-global-protect-portal/m-p/1241352#M7118 reaper 2025-11-06T09:30:09Z