The GlobalProtect version we are using is 2.0.4 (the free single gateway version in on demand mode), the firewall is on 5.0.8. The problem I am hearing about is that some people are having trouble connecting, the icon spins and is not able to connect. They are able to hit the web so the plumbing is working good enough for http traffic but perhaps there are other issues. The only help from the firewall I can find is a log stating a disconnect for timeout. Is there any way for me to enable globalprotect logging on the client that I can retrieve myself without involving them in the process of asking them to enable it? Ideally I would like to enable debug logging and use the splunk forwarder to send the logs without any effort on their part. Is this possible?
Hello ldavie ,
You may try below mentioned document: Troubleshooting GlobalProtect, PAN-OS 4.1
Page No-10 (Section 7: How to Troubleshoot GlobalProtect Connection Issues )
Once the logs will be generated on the firewall, you have to find some way to send it to SPLUNK ( may be through a script). GP agent would not be able to send the data to any logging server.
Hope this helps.
Thanks Hulk, that much I already know. The trouble is that this is already too much to ask my users to do, I need to be able to do this remotely by having a way to configure this from the firewall, or a reg entry to set it always on, or something else so that I can pull and look at the logs whenever I need to without asking the users.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!