- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-27-2021 10:25 PM
Hi,
When I connect global protect Gateway. Once is connected I received this notification.
I have check the internet connectivity it's working fine.
Can you please let me know how to avoid this notification
03-01-2021 01:31 AM
@Mick_Ball Based on past experience this is an "issue" in GP 5.2.5 (Which Joshan is using). I believe it is related to the improved error messages, so a lot of people are suddenly getting this warning thinking it's a new issue, but IPSec never likely worked in the first place.
Features Introduced in GlobalProtect App 5.2 (paloaltonetworks.com)
Improved Connectivity Error Messages for the GlobalProtect App | (GlobalProtect app 5.2.5 and later releases) To enable a better user experience, the GlobalProtect app is now updated to display improved connectivity error messages. With this change, the GlobalProtect app can now provide friendly, informative connectivity error messages to help end users resolve issues on their endpoint themselves to reduce support calls to their Help Desk professional. |
- DM
03-01-2021 01:36 AM
OK thanks for the information. i was not aware as just below that version..
i like the suggestion.. " to reduce support calls to their Help Desk professional".
this new popup will send our helpdesk phones into meltdown.... nice one Palo.
03-01-2021 04:56 AM
Paloalto Version is 9.0.9h1
I have check the security policy and it's created any any.
Moreover i take the pacp but not packet is hit on 4501 port. Can you please advise
03-01-2021 05:05 AM - edited 03-01-2021 05:06 AM
Do you have "Enable IPSec" selected as below.
if yes then your connection will first try IPSec on udp 4501. if at any time this fails then it will revert to SSL (443) and thats probably when you are getting the popup.
try pcap from the start of the connection,
03-01-2021 05:07 AM
@Joshan_Lakhani if it's now showing on the pcap that suggests it's failing before the firewall.
Check the local machine's firewall/other security software, and any other devices in between which could be preventing connectivity.
Also as a sanity check, have a look at the gateway settings and ensure IPSec mode is enabled.
03-01-2021 05:10 AM
Thanks for you reply
Yes ipsec is enable on global protect gateway.
Moreover it's trying to took packet capture on port source 4501 as well as on destination port but it's cannot find pacp file is generated.
03-01-2021 05:13 AM
Iam also disable the antivirus as well as window firewall still i can't see the pacp capture file on 4501
03-01-2021 05:25 AM
why not run wireshark locally with GP client.
capture using lan/wifi adapter and capture filter "Host (gateway address).
run wireshark before connecting so that you can see all what happens.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!