GlobalProtect portal client configuration failed

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GlobalProtect portal client configuration failed

L2 Linker

Hello,

 

I am facing an issue with Global Protect. I have users coming in from 2 different domains and after an upgrade from PAN OS 7.0.5-h2 to 7.0.9, users from the second domain are no longer able to connect.

The error message is that: You are not authorized to connect to the Global Protect Portal.

I have verified that the user is part of the group which is configured in the Portal configuration and that even the authenciation is succeeding.

 

In the client logs, I see (username masked):

<response>
	<type>portal</type>
	<status>Disconnected</status>
	<protocol/>
	<portal-config-version>0</portal-config-version>
	<error>You are not authorized to connect to GlobalProtect Portal.</error>
	<product-version>2.2.2-3</product-version>
	<product-code>&quot;{E8B1936D-DF39-4BE1-87F9-6A53A90A93D5}&quot;</product-code>
	<portal-status>No portal configuration</portal-status>
	<user-name>xxxxxxxx</user-name>
	<state>Disconnected</state>
	<check-version>no</check-version>
	<mdm-is-enabled>no</mdm-is-enabled>
</response>

In the Palo Alto System logs, I see (IP and username masked):

Event: globalprotectportal-config-fail 
Description: GlobalProtect portal client configuration failed. Login from: 1.1.1.1, User name: xxxxxx

Maybe I am hitting a bug on PA?

 

Thanks,

1 accepted solution

Accepted Solutions

L2 Linker

Okay, so after some tinkering, a colleague found the issue.

It seems that the groups had to be included in the Goup Include list in the Group mapping which wasn't present. After adding the groups against which the PA was assigning portal configuration, it now works fine.

View solution in original post

3 REPLIES 3

L4 Transporter

is the client version is cmpaible with new relaese 

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

I tried using the GP version 2.3.5 agent as well and am facing the same.

L2 Linker

Okay, so after some tinkering, a colleague found the issue.

It seems that the groups had to be included in the Goup Include list in the Group mapping which wasn't present. After adding the groups against which the PA was assigning portal configuration, it now works fine.

  • 1 accepted solution
  • 21480 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!