Global Protect trying to connect somewhere else

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Global Protect trying to connect somewhere else

L4 Transporter

I am seeing this atlease with my system and has not been reported by anyother user. I have seen this happenin before on my system with older version of GP(4.X) also. But it ould resolve on system restart or after few tries but not today.

GP seems to try to connect to unkown IP's to me and wouldn't connect with our corporate portal.

 

I don't where these IP's are getting in from, And during this time i don't see even single attempt in system logs with m username.

Using IP instead of domain name(vpn.xyz.com) also doen't work.

 

17.253.31.202
172.217.14.206
13.107.4.52

 

(T7020) 06/07/19 11:10:29:502 Debug(1370): Serialize empty cookie for portal vpn.xyz.com and pre-logon user
(T7020) 06/07/19 11:10:29:504 Debug(1377): SerializePortalPrelogonAuthCookie to file PanPPAC_94b4c51c8e150b288ecc063c022aead.dat
(T7020) 06/07/19 11:10:29:504 Debug(6667): Retrieved pre-logon-tunnel-rename-timeout value 200
(T7020) 06/07/19 11:10:29:504 Debug(6675): Retrieved user-switch-tunnel-rename-timeout value 0
(T7020) 06/07/19 11:10:29:504 Debug(6691): The value of can-continue-if-portal-cert-invalid is yes
(T7020) 06/07/19 11:10:29:504 Debug(5808): prelogon status is 0
(T7020) 06/07/19 11:10:29:504 Debug(5939): Force discovery, set NetworkDiscoverEvent
(T2264) 06/07/19 11:10:29:504 Debug( 468): Set hip report quit event
(T2264) 06/07/19 11:10:29:504 Debug(4020): NetworkDiscoverThread: got network discover event.
(T2264) 06/07/19 11:10:29:504 Debug(4027): ----Network Discover starts----
(T2264) 06/07/19 11:10:29:504 Debug( 796): SetNextScheduledHipCheckTime to 0
(T2264) 06/07/19 11:10:29:504 Debug( 818): m_bScheduleFlag is set to 0
(T2264) 06/07/19 11:10:29:504 Debug(1806): bNetworkAvailable is 0
(T2264) 06/07/19 11:10:29:504 Debug(1819): Network is changed to unreachable
(T7020) 06/07/19 11:10:29:505 Debug(1146): Send response to client for request hip
(T2644) 06/07/19 11:10:31:338 Debug(3725): CPD, reset cp detection history
(T2644) 06/07/19 11:10:31:566 Debug( 45): Network is not available
(T2644) 06/07/19 11:10:32:567 Debug( 48): Network is still not available, quit connect attempt
(T2644) 06/07/19 11:10:32:567 Debug( 546): Failed to connect to 17.253.31.202 on 80 with return value -1 and socket error 1411(Class does not exist.)
(T2644) 06/07/19 11:10:32:567 Debug( 111): CPD, Connect to captive portal 17.253.31.202:80 Failed
(T2644) 06/07/19 11:10:32:567 Debug(3737): CPD, index=0, iRet=-1, lastError=0
(T2644) 06/07/19 11:10:32:567 Debug(3751): CPD, CaptivePortalDetectionThread: captive portal is not detected for CP server. iStatus = 0
(T2644) 06/07/19 11:10:32:568 Debug( 45): Network is not available
(T2644) 06/07/19 11:10:33:570 Debug( 48): Network is still not available, quit connect attempt
(T2644) 06/07/19 11:10:33:570 Debug( 546): Failed to connect to 172.217.14.206 on 80 with return value -1 and socket error 1411(Class does not exist.)
(T2644) 06/07/19 11:10:33:570 Debug( 111): CPD, Connect to captive portal 172.217.14.206:80 Failed
(T2644) 06/07/19 11:10:33:570 Debug(3737): CPD, index=1, iRet=-1, lastError=-1
(T2644) 06/07/19 11:10:33:570 Debug(3751): CPD, CaptivePortalDetectionThread: captive portal is not detected for CP server. iStatus = 0
(T2644) 06/07/19 11:10:33:570 Debug( 45): Network is not available
(T2644) 06/07/19 11:10:34:571 Debug( 48): Network is still not available, quit connect attempt
(T2644) 06/07/19 11:10:34:571 Debug( 546): Failed to connect to 13.107.4.52 on 80 with return value -1 and socket error 1411(Class does not exist.)
(T2644) 06/07/19 11:10:34:571 Debug( 111): CPD, Connect to captive portal 13.107.4.52:80 Failed
(T2644) 06/07/19 11:10:34:571 Debug(3737): CPD, index=2, iRet=-1, lastError=-1
(T2644) 06/07/19 11:10:34:571 Debug(3751): CPD, CaptivePortalDetectionThread: captive portal is not detected for CP server. iStatus = 0
(T2644) 06/07/19 11:10:34:571 Debug(3921): CaptivePortalDetectionThread: Didn't detect captive portal currently, and bCaptivePortalDetectedOnce=(0).
(T2644) 06/07/19 11:10:34:571 Debug(3813): CaptivePortalDetectionThread: wait (-1 ms) for captive portal detection event.
(T6744) 06/07/19 11:10:38:006 Debug( 137): Got hip report in other process ready event.
(T6744) 06/07/19 11:10:38:006 Debug( 156): Read output from PanGpHip.exe
(T6744) 06/07/19 11:10:38:006 Debug( 193): write hip file now
(T6744) 06/07/19 11:10:38:006 Debug( 219): CheckHipInOtherProcess() sets hip report ready event.
(T6744) 06/07/19 11:10:38:006 Debug( 133): Wait for the ready event of hip report generated in other process.
(T16644) 06/07/19 11:10:38:006 Debug(4464): HipReportThread: got HIP report ready event.
(T16644) 06/07/19 11:10:38:006 Debug(4480): HipReportThread: wait for network discover ready event.
(T15844) 06/07/19 11:11:28:689 Debug( 330): PanGpHipMp.exe exit for checking misssing patches.
(T15844) 06/07/19 11:11:28:689 Debug( 396): CheckHipMissingPatchInOtherProcess(): exits.
(T15844) 06/07/19 11:11:28:689 Debug( 483): Hip missing patch checking duration is 59
(T6744) 06/07/19 11:11:58:722 Debug( 141): Got event for PanGpHip process has quited.
(T6744) 06/07/19 11:11:58:722 Debug( 338): CheckHip over
(T6744) 06/07/19 11:11:58:722 Debug( 282): Hip checking is not initiated by clicking resubmit host profile.
(T6744) 06/07/19 11:11:58:722 Debug( 216): HipCheckThread: wait for hip check event for 3600000 ms);

 

1 accepted solution

Accepted Solutions

L7 Applicator

Hi @raji_toor 

 

This is because of the captive portal detection of global protect. To check if there is a captive portal that prevents the connection, GP tries to connect to 3 different http websites of google, microsoft and apple (these websites are only there for captive portal reasons) to check if the request is redirected to a captive portal login website.

View solution in original post

2 REPLIES 2

L7 Applicator

Hi @raji_toor 

 

This is because of the captive portal detection of global protect. To check if there is a captive portal that prevents the connection, GP tries to connect to 3 different http websites of google, microsoft and apple (these websites are only there for captive portal reasons) to check if the request is redirected to a captive portal login website.

Any idea how you can completely disable the captive portal. The GP solution I am running will never require a user with a captive portal so I would like to have it disabled.

  • 1 accepted solution
  • 7981 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!