06-05-2024 02:31 AM
Hi,
I observed that our PaloAltos in our branches host the website shown in the screenshot, although only a gateway and NO portal was configured on this PaloAltos. The website looks very strange, especially with the login dialog hanging at the top of the page. We use only one global protect portal at our main location and the portal website has been deactivated and this worked fine.
PANOS 10.2.9-h1
Best regards,
Chris
06-13-2024 12:21 AM
Hi @kiwi,
answer from PA support:
The issue is known, but has not been added to the known issue list yet...
Fix should include in 11.2.3, 10.2.10, 11.1.5 and 10.2.4-h20
Best regards,
Chris
06-05-2024 04:42 AM
Hi @HW-ChrisME ,
This sound like somewhat similar behaviour as seen in PAN-183981.
The thing is that this bug was fixed in 10.1.9 (https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-9-known-and-addressed...). So you might be running into a regression somehow. I suggest to contact support to confirm if you're hitting a regression of this bug or an entirely new issue.
You could try the workaround that was suggested for the bug (prior to the fix):
For the workaround you could configure a dummy portal and set it to disabled state like this:
This should return you the expected error 404, even if you try to open https://x.x.x.x/global-protect/login.esp.
Hope this helps,
-Kim.
06-05-2024 05:38 AM
Hi @kiwi
thanks for your response and the reference to PAN-183981.
It could be a new bug, because i dont need the exact link for accessing the portal website.
Port 80 with redirect to Port 443 and redirect to the /global-protect/login.esp Site are enabled.
I will speak with our support technican to test the workaround and open a support ticket.
Best regards,
Chris
06-13-2024 12:21 AM
Hi @kiwi,
answer from PA support:
The issue is known, but has not been added to the known issue list yet...
Fix should include in 11.2.3, 10.2.10, 11.1.5 and 10.2.4-h20
Best regards,
Chris
06-26-2024 08:53 AM
Not seeing a fix for this on 10.2.10, anyone try to upgrade to fix this?
06-26-2024 09:08 AM
@kiwi wrote:
2. You need to define a name and interface on the General tab and a SSL/TLS service profile on the Authentication tab at minimum to be able to save the Portal.
3. Since there is no Client Authentication or Agent Authentication configuration, no one should be able to login to this portal no matter what. This can be considered a dummy portal.
This is incorrect, commit will fail with
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
