Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-05-2014 02:02 PM
Hello,
The GlobalProtect version we are using is 2.0.4 (the free single gateway version in on demand mode), the firewall is on 5.0.8. The problem I am hearing about is that some people are having trouble connecting, the icon spins and is not able to connect. They are able to hit the web so the plumbing is working good enough for http traffic but perhaps there are other issues. The only help from the firewall I can find is a log stating a disconnect for timeout. Is there any way for me to enable globalprotect logging on the client that I can retrieve myself without involving them in the process of asking them to enable it? Ideally I would like to enable debug logging and use the splunk forwarder to send the logs without any effort on their part. Is this possible?
11-06-2014 01:40 PM
I'm going to answer my own question...
It looks like the log files are always enabled and being updated in program files\palo alto networks\globalprotect. In this folder are all of the log files ready for the taking.
11-05-2014 02:18 PM
Hello ldavie ,
You may try below mentioned document: Troubleshooting GlobalProtect, PAN-OS 4.1
Page No-10 (Section 7: How to Troubleshoot GlobalProtect Connection Issues )
Once the logs will be generated on the firewall, you have to find some way to send it to SPLUNK ( may be through a script). GP agent would not be able to send the data to any logging server.
Hope this helps.
Thanks
11-05-2014 02:24 PM
Hello ldavie
You can open GP client window and go to Advance view. Then start logging on the client:
PanGPA/PanGPS logs will be available at C:\Program Files\Palo Alto Networks\GlobalProtect
Hope this helps.
Thanks
11-05-2014 02:57 PM
Thanks Hulk, that much I already know. The trouble is that this is already too much to ask my users to do, I need to be able to do this remotely by having a way to configure this from the firewall, or a reg entry to set it always on, or something else so that I can pull and look at the logs whenever I need to without asking the users.
11-06-2014 01:40 PM
I'm going to answer my own question...
It looks like the log files are always enabled and being updated in program files\palo alto networks\globalprotect. In this folder are all of the log files ready for the taking.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
