https://live.paloaltonetworks.com/t5/general-topics/global-protect-external-gateway-saying-only-manual-gateway-exits/m-p/292054#M77339 <P>If you are looking at the GP Service logs and seeing these messages, then maybe it is something else.</P><P>There is a lot of logic programmed to test for all occurrences/scenarios, and sometimes I see logic tested and outputted, but does not hold true.&nbsp; Like your example... the startup logic tests for external gateways, comments that they are manual, but in reality, they are not.</P><P>I am not saying it is an anomoly or bug.. it is just my understanding that some of this realtime checks are red herrings in troubleshooting the real issue.</P><P>&nbsp;</P><P>I think we would need to see more than a single log entry.. i need to see about 30 lines before and after to see exactly what the GP service is attempting to do.</P><P>&nbsp;</P><P>I would perhaps test with a on-demand config, using your ldap credentials, so that you can manual turn on/off, and continue testing/committing, and troubleshooting one change at a time.</P><P>&nbsp;</P><P>It may be easier to test, and then create a tech support file and open case with support through your support portal, and they can look at the logs in detail to assist you.&nbsp; You would of course, need to include the zipped logs from the user in question as well.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 09 Oct 2019 02:28:16 GMT S.Cantwell 2019-10-09T02:28:16Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-external-gateway-saying-only-manual-gateway-exits/m-p/291497#M77280 <P>All of the sudden, in our global protect setup(Pre-Logon-Always-On, internal host detection, we were able to switch between internal and external networks and Global Protect would always reconnect.&nbsp; For about a month this has not been working.&nbsp; I got around to looking at the logs and see the following:</P><P>&nbsp;</P><P>(T14316) Debug(4604): All external gateways are manual only.</P><P>&nbsp;</P><P>This is not the case as we only have one external gateway configured and it is not set to manual.</P><P>&nbsp;</P><P>The portal and gateway are configured on the same PAN 5250 device with PanOS8.1.9</P><P>&nbsp;</P><P>Has anyone seen this lately or know why the client is saying this even though it's not configured that way on the PAN?</P><P>&nbsp;</P><P>Thank you.</P><DIV class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV><P>&nbsp;</P> Fri, 04 Oct 2019 18:36:24 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-external-gateway-saying-only-manual-gateway-exits/m-p/291497#M77280 dpeterson4 2019-10-04T18:36:24Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-external-gateway-saying-only-manual-gateway-exits/m-p/292054#M77339 <P>If you are looking at the GP Service logs and seeing these messages, then maybe it is something else.</P><P>There is a lot of logic programmed to test for all occurrences/scenarios, and sometimes I see logic tested and outputted, but does not hold true.&nbsp; Like your example... the startup logic tests for external gateways, comments that they are manual, but in reality, they are not.</P><P>I am not saying it is an anomoly or bug.. it is just my understanding that some of this realtime checks are red herrings in troubleshooting the real issue.</P><P>&nbsp;</P><P>I think we would need to see more than a single log entry.. i need to see about 30 lines before and after to see exactly what the GP service is attempting to do.</P><P>&nbsp;</P><P>I would perhaps test with a on-demand config, using your ldap credentials, so that you can manual turn on/off, and continue testing/committing, and troubleshooting one change at a time.</P><P>&nbsp;</P><P>It may be easier to test, and then create a tech support file and open case with support through your support portal, and they can look at the logs in detail to assist you.&nbsp; You would of course, need to include the zipped logs from the user in question as well.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 09 Oct 2019 02:28:16 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-external-gateway-saying-only-manual-gateway-exits/m-p/292054#M77339 S.Cantwell 2019-10-09T02:28:16Z