One of my customer experiencing a weird issue in global protect.
When Client joins the GP he get a private IP 172.16.100.230 and i can see that system logs and also in his GP Agent. When he initiates traffic i can able to see that private iP in traffic log as well but issue is when i go to see the current users in GP Gateway >Remote user, i only see 0.0.0.0 as a private IP. Why this is happening ?? I surfed for a KB article but i couldn't find one, so if you guys found one please share and if you guys possess knowledge about this issue please share it here. I can't restart the ikemgr and sslmgr because user is getting authenticated and getting the correct private IP but only in firewall i cannot see that in current connected users, so there is any demon i have to restart except for ikemgr, sslmgr and rsamgr...???
It happens for random users and if once user's private IP starts showing 0.0.0.0 in remote user section that stays forever. Even after multiple re-connections from client side it just wont change back to actual private IP.
About multiple gateways, yeah customer got 2 gateways but 2nd is non implemented in live yet so actual live in 1 gateway.
Irony is this doesn't impact the network in anyway because in user end agent getting actual private IP that is 172.16.100.234, and also in traffic log i can able to see that actual IP also i can see that actual IP in system logs. Only thing is in GP gateway remote users section, only there i am seeing this weird ip 0.0.0.0 instead of actual private IP.
When we see this it is 100% of the time due to the user(s) not being in the AD group that is allowed to use the VPN. Once they are added to the proper group then they get a valid IP.
I did see this one other time after a PANOS upgrade everyone had 0.0.0.0 and that was a visual "glitch/bug" the user still had an IP address when checked on the CLI.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!