Global Protect user private IP shows 0.0.0.0

Reply
Highlighted
L3 Networker

Global Protect user private IP shows 0.0.0.0

Hi team,

 

One of my customer experiencing a weird issue in global protect.

 

When Client joins the GP he get a private IP 172.16.100.230 and i can see that system logs and also in his GP Agent. When he initiates traffic i can able to see that private iP in traffic log as well but issue is when i go to see the current users in GP Gateway >Remote user, i only see 0.0.0.0 as a private IP. Why this is happening ??  I surfed for a KB article but i couldn't find one, so if you guys found one please share and if you guys possess knowledge about this issue please share it here. I can't restart the ikemgr and sslmgr because user is getting authenticated and getting the correct private IP but only in firewall i cannot see that in current connected users, so there is any demon i have to restart except for ikemgr, sslmgr and rsamgr...???

 

 

Thanks & Regards,
Sahithyan S
Highlighted
Community Team Member

Re: Global Protect user private IP shows 0.0.0.0

Hi @sahithyan.subbu ,

 

Any more details on your customer environment ?

PAN-OS version, GP version ? HA-setup yes/no?

 

Not entirely the same issue I suspect ... but I saw 0.0.0.0 as connected users on an HA-setup where the 2 firewalls didn't match on PAN-OS version.

 

Cheers,

-Kiwi.

 
Highlighted
L3 Networker

Re: Global Protect user private IP shows 0.0.0.0

@kiwi  Thanks for the prompt reply.

 

Please see the below required info's,

 

sw-version: 9.0.5
global-protect-client-package-version: 5.0.6

No HA.

 

 

 

Thanks & Regards,
Sahithyan S
Highlighted
Community Team Member

Re: Global Protect user private IP shows 0.0.0.0

@sahithyan.subbu 

 

I wouldn't say this is expected

 

Does it happen for all the users or just one ? All gateways or just one (if you have multiple) ?

Also to confirm ... everything is working fine connection wise ?

 

 

 
Highlighted
L3 Networker

Re: Global Protect user private IP shows 0.0.0.0

@kiwi 

 

It happens for random users and if once user's private IP starts showing 0.0.0.0 in remote user section that stays forever. Even after multiple re-connections from client side it just wont change back to actual private IP. 

About multiple gateways, yeah customer got 2 gateways but 2nd is non implemented in live yet so actual live in 1 gateway.

Irony is this doesn't impact the network in anyway because in user end agent getting actual private IP that is 172.16.100.234, and also in traffic log i can able to see that actual IP also i can see that actual IP in system logs. Only thing is in GP gateway remote users section, only there i am seeing this weird ip 0.0.0.0 instead of actual private IP.

 

 

Thanks & Regards,
Sahithyan S
Highlighted
Community Team Member

Re: Global Protect user private IP shows 0.0.0.0

Hi @sahithyan.subbu ,

 

That sounds like a bug :S

 

Luckily it seems to be a visual bug only and not impacting any performance.

I'd recommend to gather GP logs and Firewall logs and Tech support file to report it to Technical Support.

 

Cheers,

-Kiwi.

 
Highlighted
L4 Transporter

Re: Global Protect user private IP shows 0.0.0.0

When we see this it is 100% of the time due to the user(s) not being in the AD group that is allowed to use the VPN. Once they are added to the proper group then they get a valid IP. 

 

I did see this one other time after a PANOS upgrade everyone had 0.0.0.0 and that was a visual "glitch/bug" the user still had an IP address when checked on the CLI.

 

 

Highlighted
L3 Networker

Re: Global Protect user private IP shows 0.0.0.0

@kiwi  

 

Yeah man, I too think so

Okay will create a ticket with PA TAC and will  post the results here after i get a conclusion on this.

Thanks for your support man, Appreciate that.

 

 

Thanks & Regards,
Sahithyan S
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!