11-02-2023 03:32 AM
I have defined a closed VLAN that has no internet access, and it can only communicate over the LAN. In the same LAN, there is a Global Protect portal configured. The clients can ping and access the portal's web page, but the Global Protect application is very slow in connecting to the configured portal and performing user authentication. However, when I move the client to another VLAN that allows WAN traffic, the Global Protect client quickly connects to the portal and performs user authentication. Could it be that Global Protect needs specific WAN destinations while connecting? Can I resolve this issue by creating a rule to allow the restricted VLAN access to these destinations.
11-02-2023 03:16 PM
If you looks at the PanGPS.log file on one of the affected clients you may be able to identify where the latency is coming in. If I would hazard a guess, the client is introducing the latency as it can't do a connectivity test without access to resources and you're probably having to wait for the OS to identify it as a local only connection.
11-05-2023 11:37 PM
Thank you for your return. I reviewed the log file, but I could not see any record of an access problem that would cause a delay. It always gives an error like "restartgpa not set, do not restart gpa". I agree with your opinion, it tries to organize the connection locally and slows it down. Maybe if I can identify the target resources it needs, I can solve this problem with a rule.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
