Have confirmed that no changes have been made firewall-wise, nor GP agent. The client gets authenticated, assigned an IP from the pool, but is then unable to ping anything internally, and consequently can't resolved DNS. The PA hosting Global Protect is a VM in Azure, as are the onward servers.
Hi @solarstone ,
There isn't much info to work with.
What connection method are you using with GP ? Do you have split-tunnel (is your traffic going into the tunnel or following a different route) ?
Do the logs or global counters provide additional information ?
Some general GP troubleshooting tips can be found here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkBCAS
In addition to what @kiwi has already mentioned, you haven't stated if it happens to a single client or if you can reproduce the issue across all clients in your environment. That's a pretty important detail when working with what is potentially limited to a single agent installation on a sole client.
Also, just a friendly reminder that 5.2.4 as an agent is fairly behind the current release for the 5.2 agent. Might want to take a look at the release notes and think about activating a new agent bundle.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!