Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Global protect Notification

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Global protect Notification

L4 Transporter

Hi,

 

When I connect global protect Gateway. Once is connected I received this notification.

I have check the internet connectivity it's working fine.

 

Can you please let me know how to avoid this notification 

 

Joshan_Lakhani_0-1614493398995.jpeg

 

22 REPLIES 22

@Mick_Ball Based on past experience this is an "issue" in GP 5.2.5 (Which Joshan is using). I believe it is related to the improved error messages, so a lot of people are suddenly getting this warning thinking it's a new issue, but IPSec never likely worked in the first place.

 

Features Introduced in GlobalProtect App 5.2 (paloaltonetworks.com)

 

Improved Connectivity Error Messages for the GlobalProtect App
(GlobalProtect app 5.2.5 and later releases) To enable a better user experience, the GlobalProtect app is now updated to display improved connectivity error messages. With this change, the GlobalProtect app can now provide friendly, informative connectivity error messages to help end users resolve issues on their endpoint themselves to reduce support calls to their Help Desk professional.

 

- DM

Sr. Technical Support Engineer, Strata

OK thanks for the information.  i was not aware as just below that version..

 

i like the suggestion..   " to reduce support calls to their Help Desk professional".

 

this new popup will send our helpdesk phones into meltdown....   nice one Palo.

@Mick_Ball 

 

Paloalto Version is 9.0.9h1

@dmifsud 

 

I have check the security policy and it's created any any. 

Moreover i take the pacp but not packet is hit on 4501 port. Can you please advise

Do you have "Enable IPSec" selected as below.

MickBall_0-1614603959231.jpeg

 

if yes then your connection will first try IPSec on udp 4501. if at any time this fails then it will revert to SSL (443) and thats probably when you are getting the popup.

 

try pcap from the start of the connection,

 

 

@Joshan_Lakhani if it's now showing on the pcap that suggests it's failing before the firewall.

 

Check the local machine's firewall/other security software, and any other devices in between which could be preventing connectivity.

 

Also as a sanity check, have a look at the gateway settings and ensure IPSec mode is enabled.

Sr. Technical Support Engineer, Strata

@dmifsud @Mick_Ball 

 

Thanks for you reply

 

Yes ipsec is enable on global protect gateway.

Moreover it's trying to took packet capture on port source 4501 as well as on destination port but it's cannot find pacp file is generated.

 

 

@dmifsud 

Iam also disable the antivirus as well as window firewall still i can't see the pacp capture file on 4501

why not run wireshark locally with GP client.

capture using lan/wifi adapter and capture filter "Host (gateway address).

 

run wireshark before connecting so that you can see all what happens.

  • 9551 Views
  • 22 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!