- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-18-2012 07:31 AM
We have had several instances where our end users are not able to connect with the globalprotect client since upgrading to PANOS 4.1. When I check the system log file I see the following errors
2012/01/18 09:45:03info globalp portal globalp 0 GlobalProtect portal user authentication failed. Login from: 208.54.35.242, User name: USER, Reason: Authentication failed: Invalid username or password .
2012/01/18 09:45:03info general auth-fa 0 User 'USER' failed authentication. Reason: User is in locked users list From: 208.54.35.242.
2012/01/18 09:45:02info globalp portal globalp 0 GlobalProtect portal user authentication failed. Login from: 208.54.35.242, User name: USER, Reason: Authentication failed: Invalid username or password .
2012/01/18 09:45:02info general auth-fa 0 User 'USER' failed authentication. Reason: User is in locked users list From: 208.54.35.242.
If I force an IP address change on the end user's PC then I can connect. I've tried looking for a lock file for specific IP addresses but have not been successful in finding anything of the sort. Can someone please point me in the right direction?
We are running Panos v 4.1.0 and globalprotect client 1.1.1. We use Radius on windows 2008 server and pan agent to authenticate.
Thanks in advance,
James
01-21-2012 06:51 AM
You are not the only one having this issue.
We have a couple PA-500s in our environment and upon upgrading to 4.1.2 from 4.0.5 Apps-and-Threats 288-1251 would fail to install and sync to the HA Peer. We also upgraded our GlobalProtect Client to version 1.1.1 from 1.0.5 and GlobalProtect stopped working externally. It would get hung up on "Connecting" and fail to connect. Upon testing, we reverted to our previously installed versions of GlobalProtect and Software and GlobalProtect then works. However, the "panupv2-all-contents-288-1251.tgz" still will not install properly and sync to the HA Peer.
Staying in our known working config until this gets fixed...
01-21-2012 01:28 PM
Kamish: I do hope you filed this as a bug to the support (or are you expecting other customers to do that? :P)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!