Strange errors with GlobalProtect and PAN-OS 10.2.3-h2

L1 Bithead

Hello everyone,

We have two strange errors with GlobalProtect (v. 5.2.11) since the update to PAN-OS 10.2.3-h2:
- For internal connections (via tunnel) the connection fails with the event gateway-hip-check with the message "Invalid tunnel end point IP address".
- The external portal is suddenly no longer accessible via https but pingable via the IP and domain.

Therefore no clients are connecting anymore.

We have already tried to upgrade to PAN-OS 10.2.3-h4 but it does not show any improvement. Also all daemons are in status running.

Does anyone have another idea? Palo Alto support is always relatively slow unfortunately.

Regards

Sven

L1 Bithead

As a workaround for the disrupted internal connections, we resolved the internal tunnel. Now all clients connect internally via "Internal connection" directly to the systems instead of via a tunnel.

Externally, however, we do not yet have a workaround, let alone a solution.

L1 Bithead

It is apparently a problem with the upgrade. After a downgrade everything ran normally again. We now wait until the next release and try again.

Hey,

I am running into a similar issue where some of the users keep getting disconnected randomly. How did you manage to solve it? Which version did you go back to?

Hi,

we have a PA-460 active-passive cluster and had upgraded from version 10.1.8 to 10.2.3-h2. The version was also recommended by Palo Alto at that time.

We then went back to version 10.1.8 and are currently still running on that. We will try another upgrade to a higher version soon.

@AmmarBahasan

We ran into the same issue yesterday while on PAN-OS 10.2.4-h4; we needed to downgrade to 10.0.11-h1 to fix the issue.

During that time only a few users were able to connect.

Hope this helps!

Regards

MP
