Globalprotect dissonnection issues

@Mick_Ball

Version of GP is 4.0 Pan OS is 7.1.13

Not sure about the red X - GP client logs on the client itself or on the firewall

when you say not sure about the red X, do you mean you don't know what I'm talking about or you haven't asked the users...

its not actually a red cross, it's a white cross in a red circle... (system tray icon)

perhaps it would be easier to say "how do they know that they have been disconnected".

yes client logs... 

just going for a smoke... but also...

what is auth method.

is connection on demand or always on

any cert auth involved

is this wifi or mobile data

laters.....

@Mick_Ball

He says that it say disconnected but didn't look for the red x, the connection is on-demand, we do have a cert involved, not mobile its a desktop, don't think it is wifi

@Mick_Ball

He does not reconnect, he ends up choosing to connect again through the client

"He does not reconnect, he ends up choosing to connect again through the client"

what i meant was.... was he able manually connect immediately or did it take a few attempts....

can we assume he is using the same portal/gateway address as other users without the issue....

are the users with the same issue all connecting from the same site..

probably teaching you to suck eggs but worth asking....

also... on your version of 7 do you have the option in the GP portal app for "restoration of VPN connection timeout"

I'm not sure when this was introduced...

if the "disconnected" pop up is visible then this will be recorded in the pangps.log from client.

@Mick_Ball

He was not able to immediately connect manually it took a few attempts

Yes he is using the same portal/gateway that I am, and I am having no issues. In fact I have my spare laptop on comcast connecting through the VPN and having no issues. It has been online for about 2 hours. No the two users that are having issues are connecting from home and they don't even live in the same town. 

I checked the portal/app tab and automatic restoration of VPN connection restore attempts (sec) is set to 30

Is this on the firewall pangps.log ? Or does it need to be collected through the client

@Mick_Ball

These are the logs he collected using the client trouble shooting logs PANGP-service, I read this as the client couldn't find or get to the portal to connect

(T8840) 02/16/18 04:07:21:375 Error(3259): UnsetRoutesV6: No route installed before

(T8840) 02/16/18 04:08:21:678 Error( 870): Server Error: Connect to portalIP:443 Failed
(T8840) 02/16/18 04:08:21:678 Error( 696): do_tcp_connect() failed
(T8840) 02/16/18 04:08:21:678 Error(3611): ConnectSSL: Failed to connect to 'portalIP:443'
(T8840) 02/16/18 04:08:21:678 Error(3642): ConnectSSL(FALSE) failed
(T8840) 02/16/18 04:08:21:678 Error(2130): Disconnect: Logout() failed
(T4400) 02/16/18 04:09:10:046 Error(1128): Failed to X509_LOOKUP_load_file
(T4400) 02/16/18 04:09:10:616 Error(2170): failed to retrieve client certificate passphrase. return false.
(T4400) 02/16/18 04:09:10:616 Error(5131): Failed to export client cert.
(T9784) 02/16/18 04:09:10:627 Error(9092): GetClientIpForGateway(): invalid remote host: .
(T9784) 02/16/18 04:09:10:627 Error( 178): CPanGatewayList::SelectInternalGateways() - failed to retrieve client source ipv6!
(T9784) 02/16/18 04:09:10:707 Error(1128): Failed to X509_LOOKUP_load_file
(T9784) 02/16/18 04:09:21:197 Error(1128): Failed to X509_LOOKUP_load_file
(T10404) 02/16/18 04:09:23:693 Error(1152): CheckDriverData() failed
00000000: 01 80 c2 00 00 0e 02 50 41 00 00 01 88 cc 02 07
00000010: 04 02 50 41 00 00 01 04 07 03 02 50 41 00 00 01
00000020: 06 02 0e 11 fe 09 00 12 0f 01 03 00 01 00 00 fe
00000030: 07 00 12 bb 01 00 01 01 00 00 ........ ..
(T10404) 02/16/18 04:09:24:693 Error(1152): CheckDriverData() failed
00000000: 01 80 c2 00 00 0e 02 50 41 00 00 01 88 cc 02 07
00000010: 04 02 50 41 00 00 01 04 07 03 02 50 41 00 00 01
00000020: 06 02 0e 11 fe 09 00 12 0f 01 03 00 01 00 00 fe
00000030: 07 00 12 bb 01 00 01 01 00 00 ........ ..
(T10404) 02/16/18 04:09:25:694 Error(1152): CheckDriverData() failed
00000000: 01 80 c2 00 00 0e 02 50 41 00 00 01 88 cc 02 07
00000010: 04 02 50 41 00 00 01 04 07 03 02 50 41 00 00 01
00000020: 06 02 0e 11 fe 09 00 12 0f 01 03 00 01 00 00 fe
00000030: 07 00 12 bb 01 00 01 01 00 00 ........ ..
(T5660) 02/16/18 04:11:22:240 Error(3259): UnsetRoutesV6: No route installed b

sorry, yes from the GP client on the PC.

it may be of some help to ask them to monitor connects/disconnect times on a particular day and send you the details and logs.

this would save trawling through all the spurious messages that those logs collect....

the first thing i do when a users connection attempt fails is to open thier browser and https to the portal.

if they get a "page cannot be displayed" then GP has no chance...

going on your info thus far I'm heading towards crappy home network/adsl etc....  

ok just seen that you have posted again.... will take a look....

@jdprovine,

From the last logs it looks like he can't actually connect to the portal, which would be a pretty big issue. I'd have to look at my logs to verify, but I don't think it should show as 'portallIP:433' in the logs, it should show the actual IP/hostname it's trying to connect to. 

@BPry

I took the IP out for security reasons, it is the correct IP address and he is failing to connect to it. So is that a failure on the users side or the PA's side

@jdprovine,

Generally it would be on the user side, not the PA. Can the user access the Portal directly through a browser when he is experiancing issues?