Global Protect Gateway Config Issue PAN-OS 5

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Global Protect Gateway Config Issue PAN-OS 5

L3 Networker

I'm setting up Global Protect on a PA-200, PAN_OS 5.

There appears to be a bug when setting up the Global Protect Gateway.

Following the instructions in the Admin Guide for 5.0, it states to choose the interface and the IP on the General tab.  Then on the Client tab choose Tunnel and then you can setup all that fun stuff.

The issue was that everything on the Client & Satellite tabs was greyed out; couldn't select anything.

After putzing around for a while, I enabled tunnel mode from the command line.  Once I did that, the interface and IP on the General tab were no longer set but I could setup Tunnel mode.  Once I set that up, I chose the interface on the General tab.  When I tried to set the IP, the only option available was None.

After committing this, I went back to my Global Protect Gateway setting and I was able to choose an the interface IP.  Checking the config on the CLI shows all the config there so it looks like it all took.

I haven't had a chance to test to see if it works yet.  I'm just getting it setup to put in my colo space.

Has anyone seen this issue?  I've searched the communities and didn't see any posts related to this issue.

Thanks in advance,

Matt

4 REPLIES 4

L1 Bithead

I have seen this issue when the device was still doing a commit. 

L0 Member

Yes, I ran into the same issue on PA-4020 running OS_5.0.0. Thanks to your comment, I was able to fix the problem by following the same exact sequence of steps described in your post. Eventually everything worked fine, as I successfully tested the configuration by RDP-ing into a remote host. I did not notice this issue was related to a pending commit as the previous commentator stated.

Cheers,

Bob

Bob Pesakovic, M.Eng, CISSP
Advanced E&D
Office: (240) 230-6640
Cell: (240) 418-xxxx
mailto:bob@A-EngineeringDesign.com

L3 Networker

I agree.  The commit was completed and not pending when I had the issue.  It just seems to be a bug.  Mine worked fine when I tested it as well.

I have seen the same issue on a PA500 5.0.3.

The Tunnel-mode checkbox could not be checked. CLI (set global-protect global-protect-gateway <gw_name> tunnel-mode yes) did work, but now there were some other problems.

Deleting the GP Gateway config and creating a new did solve my issue completely, Still this must be filed as a bug.

Reboot did not help b.t.w.

  • 3336 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!