Clientless VPN getting worse with each PANOS ver

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Clientless VPN getting worse with each PANOS ver

L4 Transporter

Timeline of my struggles:

 

Somewhere between 10.1.0 and 10.1.4 the clientless VPN stopped showing icons for each app not super big deal because the apps still worked but after trying a couple upgrades...

 

10.1.5: brings the icons back! but now the apps themselves do not work at all

hshawn_0-1648251082166.png

trying by IP to rule out DNS issues

hshawn_1-1648251180854.png

trying with https in case its something to do with http/80

hshawn_2-1648251223066.png

ok ok let's try 10.2: clientless VPN portal page apps are all gone! page is blank! No apps, no icons, nothing here

 

downgraded back to 10.1.4 again: apps work but no icons I guess we are stuck on 10.1.4 forever?

 

What is going on? Is there some magic toggle added that was not required prior to 10.1.x or is this just a hot mess of clientless bugs? 🙂

 

UPDATE: Traffic logs show no attempts and no traffic from the VPN zone so I cannot even do a pcap. The 404 errors are coming from the firewall/portal itself before it even gets to reverse proxy to the app on the inside.

4 REPLIES 4

L4 Transporter

@honardsin  I am not sure I understand this response, I was already using clientless VPN and it was working great until later releases of PANOS. Clientless VPN is so broken right now that even the release notes for the latest version of the clientless VPN dynamic update errors out

 

An error occurred while processing your request.

 

Reference #199.bb92d817.1648479788.8547a35

 

 

@hshawn Please ignore the "honardsin" reply. It is a spam bot posting generic replies, copied from other sites, which will later be edited to include spam/phishing links. Flag the post as inappropriate content.

Thanks for  the info. reported

L0 Member
I got the clientless VPN (hosted on VLAN interface) to work again on 10.1.3. Here's what I did in case it helps anyone.
  1. Downgraded from 10.2 to 10.1.3 (after exporting a named snapshot externally)
  2. Downgraded from 10.1.3 to 10.0
  3. Upgraded from 10.0 back to 10.1.3
  4. Loaded the previously exported named snapshot (step 1)

No idea if all those steps were necessary, but it seems to work now.  One odd behavior was that existing user accounts (local db) would not open the clientless app on the first attempt (logs showed deny), however, the exact same user attempting again would work (logs showed allow).  Very strange.  I'm afraid to upgrade further until another maintenance release comes out.  For now, I am holding my breath.  Good luck!

  • 3413 Views
  • 4 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!