Global Protect Dropouts

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Global Protect Dropouts

L0 Member

Hi, 

 

I keep getting dropouts,  from global protect.  It will say connected but I'm not able to remote to other machines that I know are on the network and then will disconnect and re-connect for some unknown reason like every minute or so. I looked through the logs but can't really figure out what is going on.  Any nudge in the right direction would be greatly appreciated.  Below is a summation of what i know :

 

 

Capture.PNG

5 REPLIES 5

L2 Linker

We have seen the same issue, it appears the client maintains the connection and PING the VPN GW however users cannot access outside services for periods of time. The dropouts are not consistent as far as time and the drops/outages can last up to 5 min. We are using the 4.1.6 client after upgrading however this has not helped.

 

I worked with TAC and need to collect some log, I can report back once i get more information.

Cyber Elite
Cyber Elite

@PANgraves,

Look at you App configuration, specifically 'User Switch Tunnel Rename Timeout (sec)', and report back what this is set to. By default, if a tunnel detects that the user-id information has changed you'll only have that set timeout period to reauthenticate the tunnel. This kind of sounds like what you are running into. 

The timeout was set to the default so to continue testing I increased the time to 100 seconds and according to the client that solved the issue. We still have a few more rounds of testing but this could be the cure.

@BPry Thanks for the suggestion,  But I don't have any  app configuration, 

I'm still unable to connect to the sites I need due to these dropoutsimage.pngimage.png

 

 

When it connects it will connect to LAN2 and then Drop it for LAN1

@PANgraves,

The setting that I mentioned is available on the firewall and is not available on the agent settings. if you don't have access to the firewall you wouldn't be able to modify the User Switch Tunnel Rename Timeout value. 

  • 2999 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!