Traffic from GP interface

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Traffic from GP interface

L4 Transporter

Hi Team,

 

I am seeing some traffic initiated from GP interface to outside using source port udp/4500 to public IPs of clients( GP uses 4501 and I have xauth configured). Are these traffics are because of GP xauth configuration.. anybody has noticed it before ?.

I dont have any Ipsec tunnels configured from this interface.

thanks in advance.

2 REPLIES 2

L4 Transporter

@Abdul_Razaq If you don't use any 3rd party clients with X-Auth, it could also be your standard users. The global protect agent will try IPSec connection to the Gateway and only if it fails will use SSL. This is enabled by default and configurable under “Global Protect>Agent>Tunnel Settings”

https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-gateways/confi...

Hi @BatD ,

I am seeing these traffic only for third party clients, I am seeing traffic initiated from PA with source udp/4500 to client public IPs (it is blocked by policy ).

As it is port 4500, I can make sure that it is because of third party client as GP uses 4501 in tunnel mode. I am wondering what is inside that packets, what PA is trying to send, is it the tunnel initiation? ( even though the policy is denying it, the IPSec connection is fine in responder mode).

  • 2321 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!