Clientless App feature enable BUG 8.1.3

Reply
L0 Member

Clientless App feature enable BUG 8.1.3

The only I can describe this configuration is that is is a bug. I do not see any reason why such a feature would exist and not be clearly documented.

 

Issue: When commiting that change after deploying a GlobalProtect Clienless app a warning would appear saying: 

Warning: Clientless VPN Content is missing. The feature is not enabled.

              (Module: device)

 

Of course there is nothing in the admin guide, or a webpage that is indexed contains these words to help troubleshoot the cause.

 

Resolution: 

Dynamic updates was already enabled. However it was only enabled on items that had actual updates listed on them. To explain. Anti Virus and Applications and Threats were the only items lists with items to download and install. These items had a schedule. 

 

The only other section visible was GlobalProtect Data File, which contained no listed updates, thus, this was not schuled for updates.

 

As it turns our, The GlobalProect Clientless VPN and WildFire sections are only made visible, by configuring a Schedule for GlobalProtect Data File.

 

After setting a schedule for the GlobalProect Clienltless VPN and GlobalProect Data File, and installing the update for GP clientless VPN. I was able to remove the warning "Clientless VPN Content is missing. The feature is not enabled." From the Commit and elimate the login error on the global protect page: The GlobalProtect Clientless VPN portal is not configured with the required content. Please contact your IT Administrator.

 

A better Commit warning would be: "Dynamic Update schedule for GobalProtect Clienltess VPN is not configured causing the feature to not be enabled." This would be a useful error message. At a minium you can have specific error code that can be referenced for the exact problem. 

 

I spent way to many hours on trying to resolve this, and had though it was a configuration problem of the GP Gateway or portal. I don't image these live community posts are index by google like they are with F5's dev central, which is a shame. That makes troubleshooting more difficult, and makes this community a lot less useful in my opinion.

L5 Sessionator

Re: Clientless App feature enable BUG 8.1.3

Hi @HOBSupport,

 

I believe this is in the documentation unless I'm reading it wrong :)

 

GlobalProtect Clientless VPN—Contains new and updated application signatures to enable Clientless VPN access to common web applications from the GlobalProtect portal. You must have a GlobalProtect license (subscription) and create an update schedule in order to receive these updates and enable Clientless VPN to function.

 

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/getting-started/install-content-and-...

 

Edit: I do agree with you though, the commit warning could be a bit better, however in the "before you begin" in step one of the below documentation, it does cross reference the above link I sent.

 

https://www.paloaltonetworks.com/documentation/80/globalprotect/globalprotect-admin-guide/globalprot...

L0 Member

Re: Clientless App feature enable BUG 8.1.3

I should have clairified.

 

Following this guide: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/globalprotect/network-gl...

It says : "You need the GlobalProtect Clientless VPN dynamic updates to use this feature"

 

However there is nothing that says GlobalProtect Clienless VPN in the Dynamic Updates section unless you enable scheduling for the Global Protect Data file. Which in my view is a bug. You should not need to enable scheduling for this in order to set scheduling for the Global Protect Clientless VPN.

L7 Applicator

Re: Clientless App feature enable BUG 8.1.3

Okay, no idea who to apply to as it now looks like you currently have two account. 

 

Can you be a bit more discriptive in what exactly you're talking about HOB? Was the actual 'Schedule' setting simply missing or did you not have the entire 'GlobalProtect Clientless VPN' dynamic update section until you enabled a schedule and a Data File update was actually installed? 

If the section was simply missing the 'Schedule' option in the GUI that's something completely different then the section missing from Dynamic Updates all-together. I want to verify which one you're hitting 

L0 Member

Re: Clientless App feature enable BUG 8.1.3

Ok I will upload a photo of the issue. However, I cannot directly reproduce this issue, since the GUI bug is fixed by setting a schedule for GlobalProtect Data File.

 

1.pngBefore Schedule is set for GlobalProtect Data File2.pngGUI after GP Data file is scheduled

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!