Global Protect and ( error eq 'Existing user session found' )

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect and ( error eq 'Existing user session found' )

L2 Linker

Hi Team,

 

On GP 5.2.5 on GUI logs i see 

 

( status eq failure ) and ( eventid eq gateway-register ) and ( error eq 'Existing user session found' )

 

is this bad?

what is the reason for this error?

 

Regards

5 REPLIES 5

Cyber Elite
Cyber Elite

@PaloAlto18,

This is nothing to worry about. It simply means that the user is already registered on the gateway, so it's just going to use the existing user session instead of registering a new session. 

HI @BPry ,

 

Can you please explain this in more detail and how to reproduce this issue ?

 

Regards

 

 

 

L6 Presenter

What VPN are you using normal VPN with globalprotect APP or Clientless VPN? Do you or your users have any real impact? It is possible that the users first log in the normal VPN then hey try to use the clientless VPN.

 

 

 

You may also have issues where clients disconnect because of a bad network, bad MTU etc., so generate globalprotect logs and check them:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaLCAS

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5XCAS

 

 

 

If you have palo alto 9.1 or newer, you may also see performance metrics from the firewall for the client tunnels:

 

https://docs-new.paloaltonetworks.com/globalprotect/5-1/globalprotect-app-new-features/new-features-...

Hi @BPry 

 

Due to this issue user unable to register the gateway, Same has reflected in GP Logs as Existing user Session found. The users unable to connect to gateway. 

 

Is there anyway to resolve this ?

 

Snow

@SubaMuthuram,

I've never seen this error prevent someone from logging in properly. Immediately following this error you should be seeing a 'remove previous login' gateway-logout immediately followed by a gateway-login for the host-id. Effectively the firewall is simply clearing the stale session that wasn't properly shutdown and re-building a new session for the host-id. 

Are you saying that you've looked at logging and you aren't seeing it remove the previous login and forming a new connection?

  • 10090 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!