Global Protect Doesn't connect to Portal. It connects to my WIFI instead

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Global Protect Doesn't connect to Portal. It connects to my WIFI instead

L1 Bithead

I have installed GlobalProtect,Version 5.0.3-29. All my colleagues are able to connect. 

Here are the steps:

1. Install Cert in CertStore.

2. Download GlobalProtect agent for 64 bit.

3. Now when trying to connect to Portal. It doesn't throw any error but connects directly to my wifi. It displays "Not Connected. You are connected to ''Wifi Name ".

 

Has anyone encountered this kind of issues. Please let me know. It's very urgent.

10 REPLIES 10

Cyber Elite
Cyber Elite

Are you connecting to the EXTERNAL portal IP?

 

I just set up my portal (as a test) using my inside IP as the portal IP, and I got the same message.

 

GP is supposed to be tested, connecting to public (outside IP).

 

You can also look at your system logs to confirm you have successfully authenticated to your inside portal.

Again, the presumption is that you are inside the network, connecting to portal on inside.

Help the community: Like helpful comments and mark solutions

L3 Networker

@NewUser786 Is this for an internal or external gateway?  You didn't give a lot of detail, is this when you are trying to connect from the client?  Are you able to reach the portal with a browser? 

 

Generally speaking, as long as your pointing your stuff to the correct IP, you should be fine:

Network > GlobalProtect > Portals > (Your Portal Name) > General > Network Settings > IPv4 Address

 

What are the client logs telling you?

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaLCAS

 

 

@S.Cantwell 

 

1. My workplace gave me a Portal Address. Ex: globalprotect.example.com

 

Capture1.PNG

2. I entered that address "globalprotect.example.com" in that dialog box.

3. Once i click on Connect it doesn't show any errors. But says not connected when i open. It says its connected to "Raghu" which is my WiFi name. 

 

Capture2.PNG

4. When i check the troubleshooting-->PanGP Service --> Logs

 

(T13388) 11/05/19 07:30:39:057 Debug( 219): CheckHipInOtherProcess() sets hip report ready event.
(T13388) 11/05/19 07:30:39:057 Debug( 133): Wait for the ready event of hip report generated in other process.
(T14364) 11/05/19 07:30:39:057 Debug(4739): HipReportThread: got HIP report ready event.
(T14364) 11/05/19 07:30:39:057 Debug(4755): HipReportThread: wait for network discover ready event.
(T14928) 11/05/19 07:30:39:505 Debug( 330): PanGpHipMp.exe exit for checking misssing patches.
(T14928) 11/05/19 07:30:39:505 Debug( 396): CheckHipMissingPatchInOtherProcess(): exits.
(T14928) 11/05/19 07:30:39:505 Debug( 476): Hip missing patch checking duration is 15
(T13388) 11/05/19 07:30:40:388 Debug( 141): Got event for PanGpHip process has quited.
(T13388) 11/05/19 07:30:40:388 Debug( 338): CheckHip over
(T13388) 11/05/19 07:30:40:388 Debug( 282): Hip checking is not initiated by clicking resubmit host profile.
(T13388) 11/05/19 07:30:40:388 Debug( 216): HipCheckThread: wait for hip check event for 3600000 ms);
(T13388) 11/05/19 07:30:40:388 Dump ( 231): HipCheckThread WinUWP: wait for hip check event for 60000 ms;
(T9832) 11/05/19 07:31:05:428 Dump ( 252): Recv...
(T14928) 11/05/19 07:31:09:507 Debug( 444): HipMissingPatchThread: now is 1572964269, last hip check is 1572964224, hip check interval is 3600000
(T14928) 11/05/19 07:31:09:507 Debug( 449): HipMissingPatchThread: wait 3525000 ms
(T13388) 11/05/19 07:31:40:391 Dump ( 231): HipCheckThread WinUWP: wait for hip check event for 60000 ms;
(T13388) 11/05/19 07:32:40:391 Dump ( 231): HipCheckThread WinUWP: wait for hip check event for 60000 ms;
(T13388) 11/05/19 07:33:40:394 Dump ( 231): HipCheckThread WinUWP: wait for hip check event for 60000 ms;

 

Please let me know. This is the first time i am using this VPN. Thank you very much for your reply.

Please point to me system logs file name, the logs i have exported are with different names. Not sure which one you are looking for.

@Shawverr  - This is when i am connecting my work Laptop to Work VPN.

 

Yes its the client. Below is screenshot of the client.

 

 Capture1.PNG

 

Yes, I am able to reach via browser, that is from where i downloaded 'Download Windows 64 bit GlobalProtect agent'.

 

Generally speaking, as long as your pointing your stuff to the correct IP, you should be fine:

Network > GlobalProtect > Portals > (Your Portal Name) > General > Network Settings > IPv4 Address

 

"I am a user not an Admin for Portal. I cannot check those settings". I am one of the user who is not able to access. Others users/teammates are able to connect.

 

What are the client logs telling you?

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaLCAS

 

I collected those logs, but not sure which file to check and what to check.

 

Any help in this regards please. Thank you very much for taking time and helping in this regards.

 

@NewUser786 

I'm guessing you've already reached out to your IT folks?

 

I did see the post that you deleted with the logs and honestly from that it looked like you aren't passing a HIP check.  Basically think of a HIP check as a set of criteria your IT folks have set that your device has to meet to be allowed on the network.

 

As just a "user" you may be limited on your troubleshooting options as you might have to be a local admin on your device in order to do a lot of things.

 

I don't want to offend you so I'll just assume you know nothing about PC's (like most of my users, haha) and try to help you.

 

Have you tried uninstalling the client and reinstalling it?

Yes, I have reached out to our IT dept. 

Yes, did uninstall and re-install multiple times today. Including restart of machine it didn't help. 

 

Thank you for helping. I am new to networking concepts 🙂

 

@NewUser786 I think your best bet is for your IT team to help at this point.  

 

All the best!

Hello again

 

So if the company gave your the portal address, how did you download the GP agent onto your computer?

By default the GP Agent is maintained (and downloaded) from the GP Portal.

So this is an important question.

 

Next step in troubleshooting is to a command prompt and ping (and then also) open up a browser and attempt to browse to the FQDN name of your portal.

 

Can you confirm that the FDQN is an external FDQN name vs internal?

Have you tried both scenarios, when inside your (presumed home network) and your corporate network.

Because "Raghu" sounds like an internal name.  😛

 

Another question to ask, is that if IT has given you this portal, are you the only one having a problem connecting?

 

If everyone else works fine (presumption) then the issue is with your computer vs the configuration that is stored on the FW.

Also, if your IT gave you this portal name, have you contacted IT for their troubleshooting?  What did they say?

 

Please advise.

 

 

Help the community: Like helpful comments and mark solutions

Are you able to connect ?

MP

Help the community: Like helpful comments and mark solutions.

With Global Protect Internal Gateway if you use any other connect method  under Portal And APP

other than User-logon (Always On)  you see that error message which you are getting.

 

 

MP

Help the community: Like helpful comments and mark solutions.
  • 18288 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!