GlobalProtect has DNS issues after waking from sleep mode

cancel
Showing results for 
Search instead for 
Did you mean: 

GlobalProtect has DNS issues after waking from sleep mode

L2 Linker

GlobalProtect on Windows.  User locks computer and computer goes to sleep. They return and unlock.   If GlobalProtect has disconnected while in sleep mode, they user reconnects succsfully.  User's drive mapping fail and apps fail.  Pings name of server and that fails.  PIngs IP address of server succeeds.  Restarts PC and everything is fine again.

 

Whats going on?

7 REPLIES 7

L7 Applicator

What version of client do you have.  When device wakes from sleep mode or switches from lan to wifi the client tries to reconnect to the previous gateway and some routing/domain issues seem to take place.

 

the same issue applies when using domain split tunnel exclusions.

 

have you tried a GP refresh before a reboot, are you above V5.1.

We have 5.2.9 , we have tried GP refresh connection, it sometimes fixes the issue but ideally we want the GP to restore connection after sleep without user having to refresh/reboot.

 

What is the fix for the issue you mentioned? 

"


@MickBall wrote:

 When device wakes from sleep mode or switches from lan to wifi the client tries to reconnect to the previous gateway and some routing/domain issues seem to take place.

 

the same issue applies when using domain split tunnel exclusions.

 

Cyber Elite
Cyber Elite

@HoomanF,

You shouldn't be running into any issues with 5.2.9. I would recommend that you look at your client logs on an endpoint and see if they give you any clear errors in addition to checking your traffic logs and see if you have any traffic being received by the firewall. 

I am running into identical issues with GP client versions 5.2.8 - 5.2.10 and the latest 6.0.  It seems to be DNS related as it also shows that we are running from a "cached profile" where before it would show portal gateways as "connected".  We haven't changed our configurations in regards to pre-login and always-on for at least a year and a half and we have double and triple checked our configs (we have a ticket open with TAC on this now), we have split tunneled the portal/gateway IP addresses and domains), and just noticed the reconnect and portal cache issues recently (last 3-4 months).

 

If anyone found a fix for this please share.

L0 Member

We are having a ton of complaints about this same issue, but not sure if that's something related to the computer or the app itself. If someone has a fix on this, would be appreciated. I have the same issues as Minsemier explained.

Is your Pre-Logon Tunnel Rename Timeout set to -1 or something different?  We noticed that we can successfully reach the GlobalProtect portal perfectly when this is set to 0 which is not a graceful switch from pre-logon to user logon.  Setting this back to -1 immediately re-introduces the "Cached Profile Config" issue.  Additionally, we also have the issue where waking up from sleep the machine will not reconnect until a reboot.  

I do have a TAC case open with Palo Alto but I am getting a bit of a runaround there trying to get to someone that truly understands GP.

Hi Mlinsemier,

 

Thanks for your response.

Yep, Pre-Logon Tunnel Rename Timeout is set as default with - 1 and the User Switch Tunnel Rename Timeout is set as 0, We have users under Windows and Mac, but the users with MAC computers mostly are facing this issue. They can reproduce the issue when they are just closing the lid at the end of the shift, but once they are turning it on again, GP is spinning only.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!