Good morning, all!
For the past several months, we've had an ongoing issue with our student's take-home 1:1 netbooks. Once they attach to the globalprotect portal/gateway, they won't work with LanSchool any longer.
First, the environment background:
PA-2050 running 4.1.9, GP 1.1.4. GP is configured to recognize internal to the network, and does with student systems.
Students are issued an Intel Classmate netbook/convertible tablet running Windows 7 Pro/32, 4gb ram. GP is configured on all systems for remote filtering and remote internal server access. We currently have 1600 units deployed.
In our troubleshooting, we were able to determine that if the student system hasn't ever connected to the portal (and portal was empty in GP setup.) Lanschool works properly. Once it connects to the portal and configures it no longer does, unless the GP vNIC is disabled. We've had a developer for LanSchool involved doing debugging and what he's seen is that the initial connection is made to the connection server, but drops immediately after that. If it helps, the traffic is on port 8080, and is not HTTP traffic. I see the traffic from students at home, and the traffic is let through, but that's all I've seen in the logs. All the sessions are 1.3K.
I don't know if an update would help resolve this, but we're not in a position to try anything newer with GP as 1) I don't know if the upgrade will automatically install on the deployed units as the students don't have admin rights. 2) if it goes bad, or creates any other issues, I'm going to have people very upset with me!
Any thoughts would be greatly appreciated!!!
Thanks in advance!
I would recommend updating to the latest GP version.
1) I don't know if the upgrade will automatically install on the deployed units as the students don't have admin rights.
Admin Rights are only needed for the first Installation.
Updates do not need one.
2) if it goes bad, or creates any other issues, I'm going to have people very upset with me.
The safer way of executing this would be choosing the Client Upgrade option to Prompt where the users would be prompted before upgrade (and requesting them not to before hand) and then
Activating the Lastest GP version ,testing if it is helpful.
This way you can always Reactivate the earlier GP version.
(Network > GlobalProtect > Portals>Client Configuration>Client Upgrade)
Client Upgrade—Specify whether to prompt the client to update after configuration changes (prompt) or to perform the upgrade without informing the client (transparent).
Interesting that all of the sessions are of same size. The fact that the web-site is using a port 8080 might be causing some issues here. You can do packet capture on the PC's and see if you are getting any Resets are not. Also try visiting some proxy web-sites that are using port 8080 and if you have problem with them if so then we can narrow the issue to the port. If possible you can contact call support for advanced troubleshooting assistance.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!