Global Protect disconnect issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Global Protect disconnect issue

L3 Networker

3000 series FW, software 6.0.1, GP 2.0.1 -- GP continually disconnects/reconnects.. tried reinstalling client, rebooting, etc.. happens with some users at random times..then the issue will magically go away.  Anyone else experience?

8 REPLIES 8

L7 Applicator

Hello Rrau,

Could you please confirm the internet connectivity from the affected machine during the issue. More more detail info, you may enable logging into the GP client:

---Advanced view > Troubleshooting tab: start

debug on PanGP Service

File > Collect Log

c:\Users: look for Pan… files

---Wireshark on client PC

Reference DOC: Troubleshooting GlobalProtect, PAN-OS 4.1

Thanks

Def has nothing to do with the local Internet service.  Happens at random intervals with random machines in random locations Smiley Happy

I will run debug on a client machine next time I see the issue.  thanks!

We are seeing the issue as well.  In the GP logs we are seeing:


(T15964) 12/22/15 10:17:52:802 Error( 306): read(zero byte) failed: 0 >>>>> !!!
(T15964) 12/22/15 10:17:52:802 Info ( 184): Error processing receive data from client>>>>> !!!
(T15964) 12/22/15 10:17:52:802 Info ( 190): close client socket
(T15992) 12/22/15 10:17:52:894 Debug( 142): CheckPanGpAgentThread: PanGPA process 15984 exits, ret is 00e88eb0.
(T15992) 12/22/15 10:17:52:894 Debug( 150): GlobalProtect agent terminates unexpectedly. Skip StopThreads().>>>>> !!!

 

 

Each time we get a disconnect.   Engineering is looking at it.   I will post when they figure it out

What was the solution for this? I have couple of users complaining about the same. It disconnects randomly and restablishes the connection. 

I believe the internet connectivity is fine since we are all in the same network but for some reason only selected couple of users have this issue. I was looking at the logs and found this during the same time frame. 

 

(T14456) 05/17/18 14:46:18:838 Debug(3030): Enforcer,remember established connect, 192.168.100.22:62045, 172.16.60.231:49180, ESTABLISHED, 2464, port is 62045, panme is \Device\HarddiskVolume1\Windows\System32\spoolsv.exe
(T14456) 05/17/18 14:46:18:838 Debug(3065): Enforcer,block port 62045
(T14456) 05/17/18 14:46:18:838 Debug(3030): Enforcer,remember established connect, 192.168.100.22:62046, 172.16.60.231:49180, ESTABLISHED, 2464, port is 62046, panme is \Device\HarddiskVolume1\Windows\System32\spoolsv.exe
(T14456) 05/17/18 14:46:18:838 Debug(3065): Enforcer,block port 62046
(T14456) 05/17/18 14:46:18:945 Debug( 402): Enforcer,Successfully Committed BreakAllExistingConnections Transaction.
(T14456) 05/17/18 14:46:18:945 Debug(8965): PanMSService::UpdateGPEnforcer() - enforcer is blocking.
(T14456) 05/17/18 14:46:18:951 Debug( 452): Network is reachable

 

Does anyone have insight to these logs?

@rshetty

I think you cannot compare your issues to the once in this topic (2 repectively 4 year old topic).

What versions PAN-OS and GlobalProtect are you using? How are the users connected when they complain about reconnects: wired, wireless, mobile?

@Remo

I just wanted to know if this issue was resolved and what was the solution. 

 

 

PAN-OS  : 8.0.5

GlobalProtect : 4.0.5

All are connected via wireless. I suspected the issue was wireless but other users are also connected via wireless. 

 

Was just wondering what does this mean

(T188) 05/17/18 15:40:33:044 Debug( 402): Enforcer,Successfully Committed BreakAllExistingConnections Transaction.
(T188) 05/17/18 15:40:33:044 Debug(8965): PanMSService::UpdateGPEnforcer() - enforcer is blocking.

 

I have been seeing this evertime these is a reconnect

L4 Transporter

@rrau wrote:

3000 series FW, software 6.0.1, GP 2.0.1 -- GP continually disconnects/reconnects.. tried reinstalling client, rebooting, etc.. happens with some users at random times..then the issue will magically go away.  Anyone else experience?


 

I've seen this caused by some kinds of cable or DSL modems on the remote end.

 

It's got soemthing to do with the way some modems do UDP security - they allow the connection/authentication, but block the packets after the connection competes, resulting in a timeout and disconnect.

 

Once it disconnects, the client goes back to phase 1 and reconnects and discovers fine - but then times out again after 5 minutes.

 

The various modem/router manufaturers call the settings different things - ALG, PnP Security, some toher things. It's particularly common on DLink routers

 

I'm not sure if I can link to external dicsussions here - I'll try

 

Example 1, Example 2, Example 3

Just an FYI, for my disconnect issues we saw a lot of 

 

"(T16164) 05/17/18 13:32:21:064 Debug(1231): packet length 44 is less than udp length 64067: gateway route may get removed
(T16164) 05/17/18 13:32:21:064 Debug(1307): CheckDriverData() failed" before the tunnel between machine and GP goes down. 

GPC- 5274 Fixed an issue where GlobalProtect agents (versions 4.0.3 to 4.0.5) discarded fragmented UDP packets.

 

Wll be upgrading the GP to 4.0.8 and check if this still happens. 

  • 7364 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!