Global Protect Client Error "Failed to get default route entry"

MHaran · ‎02-22-2016

Hi,

Has anyone seen this error before?

I have a user who is using SSL VPN to the Palo Alto. Upon downloading the client, the initial connection works.

However, subsequent connections displays an error on the client "Failed to get default route entry". The logs on the Palo Alto Firewall don't suggest an issue an indicate the user is connected and an IP assigned. Yet the IPconfig on the laptop does not indicate the IP has been received.

I have other users connecting OK.

Regards

Mike

vkalal · ‎02-22-2016

One of the following should resolve your issue :

1. uninstall and re-install the GP client

2. Upgrade the GP client to the latest version

3. Re-image the workstation

4. If all fails try upgrading the pan-os version. (If you are still on the 6.1.X series)

MHaran · ‎02-22-2016

Responses below

1. uninstall and re-install the GP client - Have done this but still the same

2. Upgrade the GP client to the latest version - We are running the latest version

3. Re-image the workstation - Really? Re-Image a Client PC....what is the reason for this?

4. If all fails try upgrading the pan-os version. (If you are still on the 6.1.X series) - We are running the latest version

I have just started rolling this out and if point 3 is something I need to consider I will be worried

vkalal · ‎02-22-2016

Reimage PC : To reformat the hard drive and repair damaged partitions

pankaku · ‎02-22-2016

You might have installed some third party software like antivirus/firewall/another vpn software which is confilicting.

Lucky · ‎02-22-2016

Hi Mike,

can you raise debug on the client side? Should be enabled from the GP configuration for users, you can collect troubleshooting information for network configurations and routing table. It is worth investigating is there some conflict in third-party software as well (why is customer using SSL VPN? Are they using some IPsec VPN at the same time that sets default route with same metric...?) I am thinking, error is not the happiest description what happened - it might be having problems installing default route to the client...

Raising debug on client and investigating client's routing table would be my first steps, before I take it to the GP, especially if everything works with all/most of other clients, debugged logs should tell you more anyhow. I would also try using the latest version of client, 3.0 has been out for a few days - perhaps it will solve your problems.

Best regards,

Luciano

SajidAliSajid · ‎03-24-2020

How to fix this "Failed to get default route entry" issue?

kiwi · ‎04-08-2020

Hi @SajidAliSajid ,

Luciano's previous comment is old but still valid. Please do some debugging on the client side. Collect the debug logs from the GP client and check there for starters.

Cheers,

-Kiwi.

Global Protect Client Error "Failed to get default route entry"