- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-05-2019 03:01 AM
I have installed GlobalProtect,Version 5.0.3-29. All my colleagues are able to connect.
Here are the steps:
1. Install Cert in CertStore.
2. Download GlobalProtect agent for 64 bit.
3. Now when trying to connect to Portal. It doesn't throw any error but connects directly to my wifi. It displays "Not Connected. You are connected to ''Wifi Name ".
Has anyone encountered this kind of issues. Please let me know. It's very urgent.
11-05-2019 06:09 AM
Are you connecting to the EXTERNAL portal IP?
I just set up my portal (as a test) using my inside IP as the portal IP, and I got the same message.
GP is supposed to be tested, connecting to public (outside IP).
You can also look at your system logs to confirm you have successfully authenticated to your inside portal.
Again, the presumption is that you are inside the network, connecting to portal on inside.
11-05-2019 06:16 AM
@NewUser786 Is this for an internal or external gateway? You didn't give a lot of detail, is this when you are trying to connect from the client? Are you able to reach the portal with a browser?
Generally speaking, as long as your pointing your stuff to the correct IP, you should be fine:
Network > GlobalProtect > Portals > (Your Portal Name) > General > Network Settings > IPv4 Address
What are the client logs telling you?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaLCAS
11-05-2019 06:40 AM - edited 11-05-2019 06:42 AM
1. My workplace gave me a Portal Address. Ex: globalprotect.example.com
2. I entered that address "globalprotect.example.com" in that dialog box.
3. Once i click on Connect it doesn't show any errors. But says not connected when i open. It says its connected to "Raghu" which is my WiFi name.
4. When i check the troubleshooting-->PanGP Service --> Logs
(T13388) 11/05/19 07:30:39:057 Debug( 219): CheckHipInOtherProcess() sets hip report ready event.
(T13388) 11/05/19 07:30:39:057 Debug( 133): Wait for the ready event of hip report generated in other process.
(T14364) 11/05/19 07:30:39:057 Debug(4739): HipReportThread: got HIP report ready event.
(T14364) 11/05/19 07:30:39:057 Debug(4755): HipReportThread: wait for network discover ready event.
(T14928) 11/05/19 07:30:39:505 Debug( 330): PanGpHipMp.exe exit for checking misssing patches.
(T14928) 11/05/19 07:30:39:505 Debug( 396): CheckHipMissingPatchInOtherProcess(): exits.
(T14928) 11/05/19 07:30:39:505 Debug( 476): Hip missing patch checking duration is 15
(T13388) 11/05/19 07:30:40:388 Debug( 141): Got event for PanGpHip process has quited.
(T13388) 11/05/19 07:30:40:388 Debug( 338): CheckHip over
(T13388) 11/05/19 07:30:40:388 Debug( 282): Hip checking is not initiated by clicking resubmit host profile.
(T13388) 11/05/19 07:30:40:388 Debug( 216): HipCheckThread: wait for hip check event for 3600000 ms);
(T13388) 11/05/19 07:30:40:388 Dump ( 231): HipCheckThread WinUWP: wait for hip check event for 60000 ms;
(T9832) 11/05/19 07:31:05:428 Dump ( 252): Recv...
(T14928) 11/05/19 07:31:09:507 Debug( 444): HipMissingPatchThread: now is 1572964269, last hip check is 1572964224, hip check interval is 3600000
(T14928) 11/05/19 07:31:09:507 Debug( 449): HipMissingPatchThread: wait 3525000 ms
(T13388) 11/05/19 07:31:40:391 Dump ( 231): HipCheckThread WinUWP: wait for hip check event for 60000 ms;
(T13388) 11/05/19 07:32:40:391 Dump ( 231): HipCheckThread WinUWP: wait for hip check event for 60000 ms;
(T13388) 11/05/19 07:33:40:394 Dump ( 231): HipCheckThread WinUWP: wait for hip check event for 60000 ms;
Please let me know. This is the first time i am using this VPN. Thank you very much for your reply.
Please point to me system logs file name, the logs i have exported are with different names. Not sure which one you are looking for.
11-05-2019 06:55 AM
@Shawverr - This is when i am connecting my work Laptop to Work VPN.
Yes its the client. Below is screenshot of the client.
Yes, I am able to reach via browser, that is from where i downloaded 'Download Windows 64 bit GlobalProtect agent'.
Generally speaking, as long as your pointing your stuff to the correct IP, you should be fine:
Network > GlobalProtect > Portals > (Your Portal Name) > General > Network Settings > IPv4 Address
"I am a user not an Admin for Portal. I cannot check those settings". I am one of the user who is not able to access. Others users/teammates are able to connect.
What are the client logs telling you?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaLCAS
I collected those logs, but not sure which file to check and what to check.
Any help in this regards please. Thank you very much for taking time and helping in this regards.
11-05-2019 07:24 AM
I'm guessing you've already reached out to your IT folks?
I did see the post that you deleted with the logs and honestly from that it looked like you aren't passing a HIP check. Basically think of a HIP check as a set of criteria your IT folks have set that your device has to meet to be allowed on the network.
As just a "user" you may be limited on your troubleshooting options as you might have to be a local admin on your device in order to do a lot of things.
I don't want to offend you so I'll just assume you know nothing about PC's (like most of my users, haha) and try to help you.
Have you tried uninstalling the client and reinstalling it?
11-05-2019 07:44 AM
Yes, I have reached out to our IT dept.
Yes, did uninstall and re-install multiple times today. Including restart of machine it didn't help.
Thank you for helping. I am new to networking concepts 🙂
11-08-2019 06:27 AM
Hello again
So if the company gave your the portal address, how did you download the GP agent onto your computer?
By default the GP Agent is maintained (and downloaded) from the GP Portal.
So this is an important question.
Next step in troubleshooting is to a command prompt and ping (and then also) open up a browser and attempt to browse to the FQDN name of your portal.
Can you confirm that the FDQN is an external FDQN name vs internal?
Have you tried both scenarios, when inside your (presumed home network) and your corporate network.
Because "Raghu" sounds like an internal name. 😛
Another question to ask, is that if IT has given you this portal, are you the only one having a problem connecting?
If everyone else works fine (presumption) then the issue is with your computer vs the configuration that is stored on the FW.
Also, if your IT gave you this portal name, have you contacted IT for their troubleshooting? What did they say?
Please advise.
12-15-2019 09:04 AM
Are you able to connect ?
12-17-2019 09:16 PM
With Global Protect Internal Gateway if you use any other connect method under Portal And APP
other than User-logon (Always On) you see that error message which you are getting.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!