Global Protect not connecting

Reply
Highlighted
L1 Bithead

Global Protect not connecting

Hi Community,

For the past 2 days PA's globalProtect is really becoming a headache for me. PA is becoming pain for me on these days.

It won't connect, stated as not connected, sometimes it stuck at "Connecting", and if that's the lucky hour, it will connect once or twice. 

I've tested it on so many computers, restarting the pc, uninstalling GP, and installing it again. After so many attempts, if lucky, it will connect once or twice.

 

I've got the log file of the client software. And searched through the community, and found this Delay in Connections Using GlobalProtect, and I unchecked as the document suggested. But still no luck

 

Anyone had this issue?

Thank you.

 

 

Tags (3)
Highlighted
L4 Transporter

Re: Global Protect not connecting

Hi

 

First of all - we need information about Your device (PANOS version, GP client version) and more info about GP configurations. Without such information noone can help You.

 

 

Regards

Slawek

Highlighted
L1 Bithead

Re: Global Protect not connecting

Hi Slawek,

Our device is PA-3020, and it is on version 6.1.4. GP client is on 2.0.3 currently. But I've tried with GP client 2.3.1 and 2.3.0, still same result. 

 

Is there anything with the Global Protect and SSL Decryption?

I've just disabled SSL Decryption, and now GP is working okay.

Do you guys have any Idea about this? SSL Decryption and Global Protect conflict?

Highlighted
L5 Sessionator

Re: Global Protect not connecting

Hi Mendsaikhan,

 

first thing that comes into my mind is that you were trying to decrypt your incoming GP sessions. Can you check how was decryption set? Your GP users will, usually, be in their own zone, allthough not necessarily. I am thinking you are putting them into "trust" zone... but anyways, I have had more than a few setups of outbound decryption for users from GP, so this is probably a case of misconfiguration rather than any bug or something.

I think you will benefit the most if you open TAC case, it would be unreasonable to ask you to post your tech support file here. Just open the case, TAC should be able to help you quickly and figure out what was mis-routed or something.

That is definitely not expected behavior and GP is working fine, far from "connecting sometimes if we are lucky".

 

Regards


Luciano

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!