Has anyone seen this error before?
I have a user who is using SSL VPN to the Palo Alto. Upon downloading the client, the initial connection works.
However, subsequent connections displays an error on the client "Failed to get default route entry". The logs on the Palo Alto Firewall don't suggest an issue an indicate the user is connected and an IP assigned. Yet the IPconfig on the laptop does not indicate the IP has been received.
I have other users connecting OK.
One of the following should resolve your issue :
1. uninstall and re-install the GP client
2. Upgrade the GP client to the latest version
3. Re-image the workstation
4. If all fails try upgrading the pan-os version. (If you are still on the 6.1.X series)
1. uninstall and re-install the GP client - Have done this but still the same
2. Upgrade the GP client to the latest version - We are running the latest version
3. Re-image the workstation - Really? Re-Image a Client PC....what is the reason for this?
4. If all fails try upgrading the pan-os version. (If you are still on the 6.1.X series) - We are running the latest version
I have just started rolling this out and if point 3 is something I need to consider I will be worried
can you raise debug on the client side? Should be enabled from the GP configuration for users, you can collect troubleshooting information for network configurations and routing table. It is worth investigating is there some conflict in third-party software as well (why is customer using SSL VPN? Are they using some IPsec VPN at the same time that sets default route with same metric...?) I am thinking, error is not the happiest description what happened - it might be having problems installing default route to the client...
Raising debug on client and investigating client's routing table would be my first steps, before I take it to the GP, especially if everything works with all/most of other clients, debugged logs should tell you more anyhow. I would also try using the latest version of client, 3.0 has been out for a few days - perhaps it will solve your problems.
Hi @SajidAliSajid ,
Luciano's previous comment is old but still valid. Please do some debugging on the client side. Collect the debug logs from the GP client and check there for starters.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!