02-21-2025 09:07 PM
Hi Folks,
One of the GP VPN user is located in USA and we have the GP Gateway deployed in India Location.
When we perform an ping, the latency is around 270 to 290 ms.
The user is constantly facing issue while connecting to the VPN. Some times the user is getting error message like below and not even able to connect to the Gateway located in India:
02/20/2025 17:51:40:552 [Error]: Gateway ANALOG_GATEWAY: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.
Have any one faced the issue and whether the latency of 270 to 290 ms is fine or this is very high and it is an expected behavior to face issues link this.
Thanks in advance.
02-21-2025 09:31 PM
If that's your average latency it's not going to be a good experience, there's a lot of line of business applications that would have issues dealing with that sort of latency. That being said, it shouldn't cause the actual tunnel to collapse unless you're actually dealing with loss across the link. When you check the PanGPS logs do you see anything when you search for "tunnel downtime" denoting a collapse that is then restored, or just a complete connectivity failure?
Generally speaking when you're crossing continents I would want to have a local gateway that the user connects to and then have it cross-connected where needed to access the other locations resources. Whether that is warranted in this instance depends on company demands, how long this user will be in the United States, and honestly how important the user is. A local gateway deployed in AWS/Azure/GCP/Prisma is going to drastically improve the performance that they're seeing however, and all of them would have a more reliable connection to India than a random ISP connection in the United States.
Something to try with this user to see if it helps the tunnel stay online as well would be forcing an SSL connection for them instead of IPSec.
02-22-2025 02:04 AM
@BPry I had checked the PANGPS.log and could see the below error message, any idea on this
P 838-T17423 02/20/2025 17:51:37:417 Debug(5690): CPD, CaptivePortalDetectionThread: captive portal is not detected for CP server. iStatus = 200
P 838-T17423 02/20/2025 17:51:37:417 Debug(5880): CaptivePortalDetectionThread: Didn't detect captive portal currently, and bCaptivePortalDetectedOnce=(0).
P 838-T17423 02/20/2025 17:51:37:417 Debug(5759): CaptivePortalDetectionThread: wait (-1 ms) for captive portal detection event.
P 838-T16911 02/20/2025 17:51:40:552 Info ( 158): Timeout(5) in select() - Cancelling!
P 838-T16911 02/20/2025 17:51:40:552 Debug( 626): Failed to connect to x.x.x.x on 443 with return value -1 and socket error 36(Operation now in progress)
P 838-T16911 02/20/2025 17:51:40:552 Debug( 936): do_tcp_connect() failed
P 838-T16911 02/20/2025 17:51:40:552 Error(6560): Failed to ssl connect to 'x.x.x.x:443', Disconect ssl and returns FALSE.
P 838-T16911 02/20/2025 17:51:40:552 Debug(6280): Set perfer ipv6 to false for x.x.x.x
P 838-T16911 02/20/2025 17:51:40:552 Debug(6583): Already tried ipv4
P 838-T16911 02/20/2025 17:51:40:552 Debug(5811): Show Gateway Palo_GATEWAY: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
