Globalprotect dissonnection issues

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Globalprotect dissonnection issues

L4 Transporter

I have a couple of users who say that when on the GP VPN client it disconnects them multiple times and I have not been able to reproduce their issues.

The only thing I have found so far is this in the system logs "globalprotect gateway user login failed. error existing user session found"

 

collected logs on the client and nothing really stands out. any ideas would be appreciated

43 REPLIES 43

anywhere between the user and your Palo......

 

can you not just sack him and close the call?

@jdprovine,

I like @Mick_Ball's suggestion. 

get him to https to the portal when it fails....   see what happens

@Mick_Ball

 

Well since he is my co-worker and a senior sys admin I don't think that is a choice 🙂

@BPry @Mick_Ball

 

I like MickBall's suggestion too, it the best I have heard so far. Its such a crap shoot when you are talking about people remoting in from home, on their ISP and expecting everything to be equal to being on site 😛

But is it also possible that  the ISP drops the connection between the user and the PA, the connection on the PA does not close correctly, and it won't let him reuse the connection so to speak.

@jdprovine,

While it isn't unheard of, it's oftly unheard of to have a ISP drop SSL VPN connections. 

No, when an existing session is found, the PA clears that session and allows the newer one...

 

you said that you can see this in your logs, look a bit further up and you should see the PA kicking him off to allow new connection

@BPry

But his ISP could be iffy and heavens knows I can't control that, and on the other hand I don't have these issues he has from my home

@Mick_Ball

 

I could seem him disconnecting but not logging off. You mentioned something about having to try a few times before being able to reconnect, what would case that?

so... invite him round for a cup of tea and see how he gets on....   surely he must connect from other sites/wifi...  what happens then...

@Mick_Ball

I have an outside line in my office(cable modem) and I want him to connect to(and have ask him too) it and see how it goes.  He can get his own tea LOL bwahahahaha - now we are all just loosing it 

You mentioned something about having to try a few times before being able to reconnect, what would case that?

 

a short break in comms...

i was going to say dns fail but the pangps is aware of his ip.

 

it's truly a guessing game... you need to ask him, does this only happen from his home....   can he test wifi at work?

just get him to tether to his phone...

 

anyhows... looking forward to the outcome....

 

laters...

@Mick_Ball

He is on internally right now and as far as I know its working fine. I need to hook him up  to my cable modem with a machine he has tried at home and see what happens - minus the tea LOL

 

short break in comms? not sure I understand, you mean short break in being able to connect to the portal

@jdprovine

 

short break in comms? not sure I understand, you mean short break in being able to connect to the portal

 

 

 

sorry to keep adding your questions but seems like im answering my own posts as they are flying today....

 

well yes, but it could be that GP itself is having an issue, it may be that browsing to the site works well but GP loses the plot..

 

thats why you neeed to A) test the browser when GP is failing, and B) try another connection from different ISP.

 

lets face it... if you unplugged his connection for 10 mins you would see the same behaviour, this would be due to a total loss of comms but you need to determine at what point this is happening.. home network, dodgy cable, adsl, isp, act of god.

 

sorry to digress but we have all manner of reasons why this sometimes happens... but i have never known it to be an issue at the PA end unless all users are affected.  (this was due to asymetric routing but thats a different kettle of poisson..)

 

good luck

 

  • 17268 Views
  • 43 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!