Force global protect reconnection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Force global protect reconnection

L1 Bithead
Hi all,
 
my config in global protect works fine. Prelogon goes up but when you logon to windows, if there no network available client goes in connection failed. I would like it ot try to reconnect as soon as I get internet access. Now I have to force a refresh connection.
Is it possible? Where's the trick?
 
Thanks
11 REPLIES 11

Cyber Elite
Cyber Elite

@MatteoTonin 

 

which connection method you are using?

Are you using Prelogon then on demand?

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

L1 Bithead

Machine Prelogon with certificate then always on

@MatteoTonin 

 

If it is always on then it will try to connect automatically and if no Internet connection then it will give you the error message.

Once Internet connection is there does it connect automatically or you need to click on refresh connection?

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

I need to refresh connection! Otherise it's stuck in connection failed!

@MatteoTonin 

 

I do not think there is any other way.

Lets see if someone else knows about it.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

Is there a way to check how often it retries to reconnect? And how many times?

@MatteoTonin 

 

These are two settings under Portal  and Agent tab.

 

Please try these

 

Automatic Restoration of VPN Connection Timeout
Enter a timeout value, in minutes, from 0 to 180 to specify the action the GlobalProtect app takes when the tunnel is disconnected due to network instability or endpoint state changes by entering; default is 30.
0—Disable this feature so that GlobalProtect does not attempt to reestablish the tunnel after the tunnel is disconnected.
1-180—Enable this feature so that GlobalProtect attempts to reestablish the tunnel connection if the tunnel is down for a period of time which does not exceed the timeout value you specify here. For example, with a timeout value of 30 minutes, GlobalProtect does not attempt to reestablish the tunnel if the tunnel is disconnected for 45 minutes. However, if the tunnel is disconnected for 15 minutes, GlobalProtect attempts to reconnect because the number of minutes has not exceeded the timeout value.
 

 

Wait Time Between VPN Connection Restore Attempts
Enter the amount of time, in seconds, the GlobalProtect app waits between attempts to reestablish the connection with the last-connected gateway when you enable Automatic Restoration of VPN Connection Timeout. Specify a longer or shorter wait time depending on your network conditions. Range is 1 to 60 seconds; the default is 5.
This time interval is used as TCP timeout for restoration attempt in case of SSL VPN tunnel; and it is used as UDP keepalive timeout for restoration attempt in case of IPSec tunnel.
 

 

On Always-On mode, the GlobalProtect app will keep retrying indefinitely at the configured Wait Time Between VPN Connection Restore Attempts.But On-Demand mode, the GlobalProtect app will try once for the duration of timeout configured on Wait Time Between VPN Connection Restore Attempts and if no success within the timeout period it will give up and switch to disconnected state and not retry again.
MP

Help the community: Like helpful comments and mark solutions.

@MatteoTonin what global protect version do you use and what OS version?

Both parameters are set to default: Automatic Restoration to 30 and Wait Time Between VPN Connection Restore Attempts to 5

5.2.5-87 , device is 9.1.8.

Hi @MatteoTonin 

In this case you should take a closer look at the global protect agent logs to check if there are any errors or other indicators that show why the connection fails. Specially at the times when you expect a connection should be brought up.

With the versions you use I can confirm, that it works that global protect will establish a connection. As written in the documentation, with always on this also works no matter how long there is no internet connection available.

  • 6151 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!