GlobalProtect Internal not getting User-ID

Reply
Highlighted
L4 Transporter

GlobalProtect Internal not getting User-ID

I have internal globalprotect setup on a system, but i don't see any user-ID associated with that system IP. It is configured to save credentials. User-id is configured on zone and interface management profile as well. 

Highlighted
L4 Transporter

Any suggestions, I have checked subnet range is not in the UID exclusion list as well

Highlighted
L3 Networker

Hi @raji_toor,

 

Tough to say as multiple factors may play a role and information is scarce.

I would guess that machine with GlobalProtect was moved from External to Internal Network in a way that did not trigger Network Discovery so Internal Gateway was never contacted.

 

But troubleshooting should start from inspecting the GlobalProtect Agent/Service logs from the system in question.

L4 Transporter

@ACieszkowski This is a new setup, but there is also not much to configure for internal host detection as i see it. External gateway works fine. I have tried both by creating an internal gateway and without internal gateway as well. It doesn't matter if its moved while logged on externally or system is booted fresh on internal. Below are some screenshots and logs.

 image.png

Logs from client

_________________________________________

(T16144)Debug( 548): 07/10/20 00:50:17:398 WscCallback
(T16144)Debug( 550): 07/10/20 00:50:17:398 SetWscEvent
(T1196)Debug( 426): 07/10/20 00:50:20:409 before check wsc
(T1196)Debug( 380): 07/10/20 00:50:20:409 wsc-autodetect is enabled
(T1196)Debug( 429): 07/10/20 00:50:20:409 CheckWsc
(T1196)Debug( 455): 07/10/20 00:50:20:409 CheckWsc is called.
(T1196)Debug( 469): 07/10/20 00:50:20:409 WscCallback: health state change not detected. Ignore this one.
(T5684)Info ( 501): 07/10/20 00:54:51:197 msgtype = portal
(T5684)Debug(2110): 07/10/20 00:54:51:197 ----portal processing starts----
(T5684)Debug(2132): 07/10/20 00:54:51:197 User profile type is 0(not roaming)
(T5684)Debug(2153): 07/10/20 00:54:51:197 pg, source = 0, old source is 0
(T5684)Debug(2175): 07/10/20 00:54:51:197 pg, preferred gateway not set in message, old prefergateway=:)
(T5684)Debug(2232): 07/10/20 00:54:51:197 CheckUpdate is false.
)(T5684)Debug(2247): 07/10/20 00:54:51:197 portal-certificate-verification is yes
(T5684)Debug(2287): 07/10/20 00:54:51:197 No saml-load-cache tag.
(T5684)Debug(2310): 07/10/20 00:54:51:197 no saml-auth-error tag.
(T5684)Debug(2321): 07/10/20 00:54:51:197 allow-cached-portal is yes
(T5684)Debug(2364): 07/10/20 00:54:51:197 NewWinUser is detect.company.com, WinUser is detect.company.com, PreviousSwitchOffMsg is false
(T5684)Debug(2365): 07/10/20 00:54:51:197 GetPrelogonStatus() 3, m_userName detect.company.com, m_preUsername ___empty_username___
(T5684)Debug(3108): 07/10/20 00:54:51:197 Grace period is 0
(T5684)Debug(6327): 07/10/20 00:54:51:197 StopThreads starts:
(T5684)Debug(6334): 07/10/20 00:54:51:197 There are 5 threads running...
(T5684)Debug(1349): 07/10/20 00:54:51:197 Logging out gateway, reason is StopThreads
(T5684)Debug(1388): 07/10/20 00:54:51:197 Logging out gateway over
(T5684)Debug(6344): 07/10/20 00:54:51:197 Going to wait all threads exit...
(T9432)Debug(6098): 07/10/20 00:54:51:197 NetworkConnectionMonitorThread: got exit event.
(T14976)Debug(4860): 07/10/20 00:54:51:197 CaptivePortalDetectionThread: got exit event.
(T14976)Debug(5024): 07/10/20 00:54:51:197 CaptivePortalDetectionThread: captive portal detection thread exit status is (successful).
(T404)Debug(4659): 07/10/20 00:54:51:197 NotificationTimerThread: got exit event.
(T9432)Debug(6113): 07/10/20 00:54:51:197 NetworkConnectionMonitorThread: quits.
(T2524)Debug(5109): 07/10/20 00:54:51:197 NetworkDiscoverThread: got exit event.
(T2524)Debug(5527): 07/10/20 00:54:51:197 NetworkDiscoverThread: quits.
(T13196)Debug(5660): 07/10/20 00:54:51:197 HipReportThread: got exit event.
(T13196)Debug(5959): 07/10/20 00:54:51:197 HipReportThread: HipReportThread quits.
(T5684)Debug(6348): 07/10/20 00:54:51:298 threads are gracefully stopped, counter=599.
(T5684)Debug(6361): 07/10/20 00:54:51:298 Double check all threads.
(T5684)Debug(6407): 07/10/20 00:54:51:298 To reset thread quit event.
(T13188)Debug( 242): 07/10/20 00:54:51:298 HipCheckThread: got thread exit event.
(T1196)Debug( 418): 07/10/20 00:54:51:298 HipMonitor gets quit event.
(T1196)Debug( 435): 07/10/20 00:54:51:298 Unregister -- WscUnRegisterChanges
(T1196)Debug( 763): 07/10/20 00:54:51:300 HipMonitorThread quits.
(T13188)Debug( 287): 07/10/20 00:54:51:307 HipCheckThread: Hip check thread quits.
(T7764)Debug( 533): 07/10/20 00:54:51:315 HipMissingPatchThread: Hip check missiing patch thread quits.
(T5684)Debug( 132): 07/10/20 00:54:51:315 All hip collect threads quit gracefully.
(T5684)Debug(6417): 07/10/20 00:54:51:315 StopThreads ends.
(T5684)Debug(10607): 07/10/20 00:54:51:315 SetVpnStatus called with new status=0, Previous Status=1
(T5684)Debug(4028): 07/10/20 00:54:51:315 UpdatePrelogonStateForSSO() - User-logon tunnel state = Disconnected
(T5684)Debug(6291): 07/10/20 00:54:51:315 StartThreads starts:
(T5684)Debug( 25): 07/10/20 00:54:51:315 create thread 0x804 with thread ID 15756
(T5684)Debug( 25): 07/10/20 00:54:51:316 create thread 0x75c with thread ID 4428
(T5684)Debug( 25): 07/10/20 00:54:51:316 create thread 0x8e8 with thread ID 11304
(T5684)Debug( 25): 07/10/20 00:54:51:316 create thread 0x3c8 with thread ID 3928
(T15756)Debug(4502): 07/10/20 00:54:51:316 NotificationTimerThread: notification timer thread starts.
(T15756)Debug(4652): 07/10/20 00:54:51:316 NotificationTimerThread: wait (-1 ms) for notification timer event.
(T5684)Debug( 25): 07/10/20 00:54:51:316 create thread 0x9a4 with thread ID 9720
(T11304)Debug(5034): 07/10/20 00:54:51:316 NetworkDiscoverThread: network discover thread starts.
(T11304)Debug(5099): 07/10/20 00:54:51:316 NetworkDiscoverThread: wait for network discover event.
(T5684)Debug( 25): 07/10/20 00:54:51:316 create thread 0x768 with thread ID 14084
(T5684)Debug( 25): 07/10/20 00:54:51:316 create thread 0x93c with thread ID 956
(T5684)Debug( 25): 07/10/20 00:54:51:316 create thread 0x628 with thread ID 16312
(T3928)Debug(5619): 07/10/20 00:54:51:316 HipReportThread: HipReportThread starts up.
(T3928)Debug(5652): 07/10/20 00:54:51:316 HipReportThread: wait for HIP report ready event.
(T14084)Debug( 167): 07/10/20 00:54:51:316 Start HipCheckThread
(T14084)Debug( 210): 07/10/20 00:54:51:316 HipCheckThread started...
(T14084)Debug( 216): 07/10/20 00:54:51:316 HipCheckThread: wait for hip check event for 3600000 ms);
(T5684)Debug(2481): 07/10/20 00:54:51:316 No user, using SSO
(T9720)Debug(5967): 07/10/20 00:54:51:316 NetworkConnectionMonitorThread: network connection monitor thread starts.
(T5684)Debug(2541): 07/10/20 00:54:51:316 Portal vpn.company.com, user , logonDomain abc, saved user abc\detect.company.com, path C:\Users\detect.company.com\AppData\Local\Palo Alto Networks\GlobalProtect\
(T5684)Debug(2607): 07/10/20 00:54:51:316 use proxy is 1
(T5684)Debug(2665): 07/10/20 00:54:51:316 Pre-logon-then-on-demand value is no
(T5684)Debug(1469): 07/10/20 00:54:51:316 SSO starts.
(T4428)Debug(4698): 07/10/20 00:54:51:316 CaptivePortalDetectionThread: captive portal detection thread starts.
(T4428)Debug(4857): 07/10/20 00:54:51:316 CaptivePortalDetectionThread: wait (-1 ms) for captive portal detection event.
(T16312)Debug( 186): 07/10/20 00:54:51:316 Start HipMonitorThread
(T16312)Info ( 759): 07/10/20 00:54:51:316 HipMonitorThread starts
(T956)Debug( 176): 07/10/20 00:54:51:316 Start HipMissingPatchThread
(T956)Debug( 409): 07/10/20 00:54:51:316 HipMissingPatchThread started...
(T956)Debug( 442): 07/10/20 00:54:51:316 HipMissingPatchThread: now is 1594367691, last hip check is 1594364899, hip check interval is 3600000
(T956)Debug( 447): 07/10/20 00:54:51:316 HipMissingPatchThread: wait 808000 ms
(T5684)Info (1498): 07/10/20 00:54:51:316 SSO ----- PanCredGet failed with error Element not found.
(T5684)Debug(1509): 07/10/20 00:54:51:316 SSO GetSsoCredential starts.
(T5684)Info (1539): 07/10/20 00:54:51:316 SSO ----- PanCredGet failed with error Element not found.

(T5684)Debug(10067): 07/10/20 00:54:51:316 SSO password is empty
(T5684)Debug(2771): 07/10/20 00:54:51:316 Empty username
(T5684)Debug(2803): 07/10/20 00:54:51:316 m_preUsername detect.company.com
(T5684)Debug(10027): 07/10/20 00:54:51:316 Password is empty.
(T5684)Debug(7408): 07/10/20 00:54:51:316 Empty user for GetCachedPortalCfgOldNewFileName
(T5684)Debug(2824): 07/10/20 00:54:51:316 CheckCachedPortalForPrelogon 0, PrelogonNeedTimeout 0, RenameTimeout -1, userName ___empty_username___, preUsername detect.company.com
(T5684)Debug(2977): 07/10/20 00:54:51:316 Use ssl tunnel is no
(T5684)Debug(2987): 07/10/20 00:54:51:316 bCheckCachedPortalForPrelogon: 0, m_bOnDemand: 0
(T5684)Debug(6450): 07/10/20 00:54:51:316 --Set state to Retrieving configuration...
(T5684)Debug(1929): 07/10/20 00:54:51:316 unknown network type.
(T16312)Debug( 413): 07/10/20 00:54:51:317 HipMonitorThread wait for exit event.
(T5684)Debug(12524): 07/10/20 00:54:51:328 Portal's ipv4 address 192.168.9.1
(T5684)Debug(7508): 07/10/20 00:54:51:328 SSO enable status is 1, user name is ___empty_username___, domain name is .
(T5684)Debug(2131): 07/10/20 00:54:51:328 open http session. agent is PAN GlobalProtect/5.1.4-45 (Microsoft Windows 10 Enterprise , 64-bit)
(T5684)Debug( 456): 07/10/20 00:54:51:329 winhttp SetSecureProtocol, hSession=212af350, bAllProtocol=0, gbFips=0
(T5684)Debug( 456): 07/10/20 00:54:51:329 winhttp SetSecureProtocol, hSession=212aec90, bAllProtocol=0, gbFips=0
(T5684)Debug(1604): 07/10/20 00:54:51:330 SetProxyForHost(https://vpn.company.com/ timeout:5 AutoDetect:1 url: proxy: bypass: proxystr:
(T5684)Debug(6495): 07/10/20 00:54:51:333 ----Portal Pre-login starts----
(T5684)Debug(4732): 07/10/20 00:54:51:333 TriggerCaptivePortalDetection() return due to captive portal detection is in progress (0) or PreLogin is Done (1)
(T5684)Debug( 550): 07/10/20 00:54:51:337 Network is reachable
(T5684)Debug(6528): 07/10/20 00:54:51:338 Pre-login...,verifyportalcert=yes
(T5684)Debug(10455): 07/10/20 00:54:51:338 Check cert of server 192.168.9.1
(T5684)Debug( 779): 07/10/20 00:54:51:339 SSL connecting to 192.168.9.1
(T5684)Debug( 550): 07/10/20 00:54:51:342 Network is reachable
(T5684)Debug(1285): 07/10/20 00:54:51:361 Unable to verify server cert. Result is unable to get local issuer certificate
(T5684)Debug( 365): 07/10/20 00:54:51:361 Open_SSL_connection: subject '/C=CA/ST=British Columbia/L=North Vancouver/O=Capilano University/OU=IT Services/CN=*.company.com'
(T5684)Debug( 369): 07/10/20 00:54:51:361 Open_SSL_connection: issuer '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA'
(T5684)Debug(1113): 07/10/20 00:54:51:361 Name vpn.company.com matches pattern *.company.com
(T5684)Debug( 967): 07/10/20 00:54:51:361 Hostname vpn.company.com matches sub alt name *.company.com
(T5684)Debug(1322): 07/10/20 00:54:51:361 OpenSSL alert write:warning:close notify
(T5684)Debug(2574): 07/10/20 00:54:51:361 encpostdata, encpostdata=00000198218E24D0, encpostdatalen=160
(T5684)Debug(2744): 07/10/20 00:54:51:361 REQID=15,IPADDR=vpn.company.com,PORT=443,URL=/global-protect/prelogin.esp,POST=1,PROXY_AUTO=1,PROXY_CFGURL=NULL,PROXY=NULL,PROXY_BYPASS=NULL,PROXY_USER=NULL,PROXY_PASS=****,VERIFY_CERT=1,ADDITIONAL_CHECK=1,SCEP_CERT=,oid=
(T5684)Debug(1503): 07/10/20 00:54:51:361 Send response to client for request https_request
(T5684)Debug(2854): 07/10/20 00:54:51:462 receive pan_msg_ping, 3
(T5684)Debug(6639): 07/10/20 00:54:51:572 prelogin to portal result is
<?xml version="1.0" encoding="UTF-8" ?>
<prelogin-response>
<status>Success</status>
<ccusername></ccusername>
<autosubmit>false</autosubmit>
<msg></msg>
<newmsg></newmsg>
<authentication-message>Enter abc\ login credentials</authentication-message>
<username-label>abc\Username</username-label>
<password-label>Password</password-label>
<panos-version>1</panos-version><region>10.0.0.0-10.255.255.255</region>
</prelogin-response>
(T5684)Debug(6674): 07/10/20 00:54:51:572 REGION-PRIO, region code is 10.0.0.0-10.255.255.255
(T5684)Debug(12330): 07/10/20 00:54:51:572 REGION-PRIO, save region code 10.0.0.0-10.255.255.255
(T5684)Debug(6741): 07/10/20 00:54:51:572 Portal authentication-message is Enter abc\ login credentials
(T5684)Debug(6757): 07/10/20 00:54:51:572 autosubmit is false
(T5684)Debug(8316): 07/10/20 00:54:51:572 ----Portal Login starts----
(T5684)Debug( 312): 07/10/20 00:54:51:572 No need to decrypt data with length 0
(T5684)Debug(7408): 07/10/20 00:54:51:572 Empty user for GetCachedPortalCfgOldNewFileName
(T5684)Debug(8349): 07/10/20 00:54:51:572 "___empty_username___" and empty cc user name and empty portal user auth cookie.
(T5684)Debug(8352): 07/10/20 00:54:51:572 Set skip next switch off flag.
(T5684)Debug(7736): 07/10/20 00:54:51:573 portal status is User authentication failed.
(T5684)Debug(6450): 07/10/20 00:54:51:573 --Set state to Disconnected
(T5684)Debug(1929): 07/10/20 00:54:51:573 unknown network type.
(T5684)Debug(1026): 07/10/20 00:54:51:573 Display hip report V4 on the UI
(T5684)Debug(1503): 07/10/20 00:54:51:573 Send response to client for request user_credential
(T5684)Info ( 501): 07/10/20 00:54:52:085 msgtype = user_credential
(T5684)Debug(3133): 07/10/20 00:54:52:085 ServerThread: ProcessServerUserCredential. Redirect to processServerPortal.
(T5684)Debug(2110): 07/10/20 00:54:52:085 ----portal processing starts----
(T5684)Debug(2132): 07/10/20 00:54:52:085 User profile type is 0(not roaming)
(T5684)Debug(2153): 07/10/20 00:54:52:085 pg, source = 2, old source is 0
(T5684)Debug(2175): 07/10/20 00:54:52:085 pg, preferred gateway not set in message, old prefergateway=:)
(T5684)Debug(2232): 07/10/20 00:54:52:085 CheckUpdate is false.
)(T5684)Debug(2247): 07/10/20 00:54:52:085 portal-certificate-verification is yes
(T5684)Debug(2287): 07/10/20 00:54:52:085 No saml-load-cache tag.
(T5684)Debug(2310): 07/10/20 00:54:52:085 no saml-auth-error tag.
(T5684)Debug(2321): 07/10/20 00:54:52:085 allow-cached-portal is yes
(T5684)Debug(2364): 07/10/20 00:54:52:085 NewWinUser is detect.company.com, WinUser is detect.company.com, PreviousSwitchOffMsg is false
(T5684)Debug(2365): 07/10/20 00:54:52:085 GetPrelogonStatus() 3, m_userName ___empty_username___, m_preUsername detect.company.com
(T5684)Debug(3108): 07/10/20 00:54:52:085 Grace period is 0
(T5684)Debug(6327): 07/10/20 00:54:52:085 StopThreads starts:
(T5684)Debug(6334): 07/10/20 00:54:52:085 There are 5 threads running...
(T5684)Debug(1349): 07/10/20 00:54:52:085 Logging out gateway, reason is StopThreads
(T5684)Debug(1388): 07/10/20 00:54:52:085 Logging out gateway over
(T5684)Debug(6344): 07/10/20 00:54:52:085 Going to wait all threads exit...
(T3928)Debug(5660): 07/10/20 00:54:52:085 HipReportThread: got exit event.
(T9720)Debug(6098): 07/10/20 00:54:52:085 NetworkConnectionMonitorThread: got exit event.
(T3928)Debug(5959): 07/10/20 00:54:52:085 HipReportThread: HipReportThread quits.
(T4428)Debug(4860): 07/10/20 00:54:52:085 CaptivePortalDetectionThread: got exit event.
(T4428)Debug(5024): 07/10/20 00:54:52:085 CaptivePortalDetectionThread: captive portal detection thread exit status is (successful).
(T9720)Debug(6113): 07/10/20 00:54:52:085 NetworkConnectionMonitorThread: quits.
(T11304)Debug(5109): 07/10/20 00:54:52:085 NetworkDiscoverThread: got exit event.
(T11304)Debug(5527): 07/10/20 00:54:52:085 NetworkDiscoverThread: quits.
(T15756)Debug(4659): 07/10/20 00:54:52:085 NotificationTimerThread: got exit event.
(T5684)Debug(6348): 07/10/20 00:54:52:195 threads are gracefully stopped, counter=599.
(T5684)Debug(6361): 07/10/20 00:54:52:195 Double check all threads.
(T5684)Debug(6407): 07/10/20 00:54:52:195 To reset thread quit event.
(T16312)Debug( 418): 07/10/20 00:54:52:195 HipMonitor gets quit event.
(T14084)Debug( 242): 07/10/20 00:54:52:195 HipCheckThread: got thread exit event.
(T16312)Debug( 435): 07/10/20 00:54:52:195 Unregister -- WscUnRegisterChanges
(T14084)Debug( 287): 07/10/20 00:54:52:195 HipCheckThread: Hip check thread quits.
(T956)Debug( 533): 07/10/20 00:54:52:195 HipMissingPatchThread: Hip check missiing patch thread quits.
(T16312)Debug( 763): 07/10/20 00:54:52:211 HipMonitorThread quits.
(T5684)Debug( 132): 07/10/20 00:54:52:211 All hip collect threads quit gracefully.
(T5684)Debug(6417): 07/10/20 00:54:52:211 StopThreads ends.
(T5684)Debug(6291): 07/10/20 00:54:52:211 StartThreads starts:
(T5684)Debug( 25): 07/10/20 00:54:52:211 create thread 0x8a4 with thread ID 12220
(T5684)Debug( 25): 07/10/20 00:54:52:211 create thread 0x848 with thread ID 9244
(T12220)Debug(4502): 07/10/20 00:54:52:211 NotificationTimerThread: notification timer thread starts.
(T12220)Debug(4652): 07/10/20 00:54:52:211 NotificationTimerThread: wait (-1 ms) for notification timer event.
(T5684)Debug( 25): 07/10/20 00:54:52:211 create thread 0x3d4 with thread ID 13168
(T5684)Debug( 25): 07/10/20 00:54:52:211 create thread 0x890 with thread ID 11556
(T13168)Debug(5034): 07/10/20 00:54:52:211 NetworkDiscoverThread: network discover thread starts.
(T13168)Debug(5099): 07/10/20 00:54:52:211 NetworkDiscoverThread: wait for network discover event.
(T9244)Debug(4698): 07/10/20 00:54:52:211 CaptivePortalDetectionThread: captive portal detection thread starts.
(T5684)Debug( 25): 07/10/20 00:54:52:211 create thread 0x68c with thread ID 13876
(T9244)Debug(4857): 07/10/20 00:54:52:211 CaptivePortalDetectionThread: wait (-1 ms) for captive portal detection event.
(T11556)Debug(5619): 07/10/20 00:54:52:211 HipReportThread: HipReportThread starts up.
(T5684)Debug( 25): 07/10/20 00:54:52:211 create thread 0x780 with thread ID 13936
(T11556)Debug(5652): 07/10/20 00:54:52:211 HipReportThread: wait for HIP report ready event.
(T5684)Debug( 25): 07/10/20 00:54:52:211 create thread 0x978 with thread ID 6424
(T13876)Debug(5967): 07/10/20 00:54:52:211 NetworkConnectionMonitorThread: network connection monitor thread starts.
(T5684)Debug( 25): 07/10/20 00:54:52:211 create thread 0x8a8 with thread ID 10644
(T13936)Debug( 167): 07/10/20 00:54:52:211 Start HipCheckThread
(T13936)Debug( 210): 07/10/20 00:54:52:211 HipCheckThread started...
(T13936)Debug( 216): 07/10/20 00:54:52:211 HipCheckThread: wait for hip check event for 3600000 ms);
(T10644)Debug( 186): 07/10/20 00:54:52:211 Start HipMonitorThread
(T10644)Info ( 759): 07/10/20 00:54:52:211 HipMonitorThread starts
(T5684)Debug(2427): 07/10/20 00:54:52:211 No user home path in portal message.
(T6424)Debug( 176): 07/10/20 00:54:52:211 Start HipMissingPatchThread
(T5684)Debug(2541): 07/10/20 00:54:52:211 Portal vpn.company.com, user abc\detect.company.com, logonDomain abc, saved user abc\detect.company.com, path C:\Users\detect.company.com\AppData\Local\Palo Alto Networks\GlobalProtect\
(T6424)Debug( 409): 07/10/20 00:54:52:211 HipMissingPatchThread started...
(T5684)Debug(2607): 07/10/20 00:54:52:211 use proxy is 1
(T6424)Debug( 442): 07/10/20 00:54:52:211 HipMissingPatchThread: now is 1594367692, last hip check is 1594364899, hip check interval is 3600000
(T5684)Debug(2665): 07/10/20 00:54:52:211 Pre-logon-then-on-demand value is no
(T6424)Debug( 447): 07/10/20 00:54:52:211 HipMissingPatchThread: wait 807000 ms
(T5684)Debug(1509): 07/10/20 00:54:52:211 SSO GetSsoCredential starts.
(T5684)Info (1539): 07/10/20 00:54:52:211 SSO ----- PanCredGet failed with error Element not found.

(T5684)Debug(10067): 07/10/20 00:54:52:211 SSO password is empty
(T5684)Debug(2803): 07/10/20 00:54:52:211 m_preUsername ___empty_username___
(T5684)Debug(2824): 07/10/20 00:54:52:211 CheckCachedPortalForPrelogon 0, PrelogonNeedTimeout 0, RenameTimeout -1, userName detect.company.com, preUsername ___empty_username___
(T5684)Debug(2977): 07/10/20 00:54:52:211 Use ssl tunnel is no
(T5684)Debug(2987): 07/10/20 00:54:52:211 bCheckCachedPortalForPrelogon: 0, m_bOnDemand: 0
(T5684)Debug(6450): 07/10/20 00:54:52:211 --Set state to Retrieving configuration...
(T5684)Debug(1929): 07/10/20 00:54:52:211 unknown network type.
(T5684)Debug(1026): 07/10/20 00:54:52:211 Display hip report V4 on the UI
(T10644)Debug( 413): 07/10/20 00:54:52:211 HipMonitorThread wait for exit event.
(T5684)Debug(12524): 07/10/20 00:54:52:211 Portal's ipv4 address 192.168.9.1
(T5684)Debug(7508): 07/10/20 00:54:52:211 SSO enable status is 0, user name is detect.company.com, domain name is abc.
(T5684)Debug(2131): 07/10/20 00:54:52:211 open http session. agent is PAN GlobalProtect/5.1.4-45 (Microsoft Windows 10 Enterprise , 64-bit)
(T5684)Debug( 456): 07/10/20 00:54:52:211 winhttp SetSecureProtocol, hSession=212af7d0, bAllProtocol=0, gbFips=0
(T5684)Debug( 456): 07/10/20 00:54:52:211 winhttp SetSecureProtocol, hSession=212aec90, bAllProtocol=0, gbFips=0
(T5684)Debug(1604): 07/10/20 00:54:52:211 SetProxyForHost(https://vpn.company.com/ timeout:5 AutoDetect:1 url: proxy: bypass: proxystr:
(T5684)Debug(6495): 07/10/20 00:54:52:211 ----Portal Pre-login starts----
(T5684)Debug(4732): 07/10/20 00:54:52:211 TriggerCaptivePortalDetection() return due to captive portal detection is in progress (0) or PreLogin is Done (1)
(T5684)Debug( 550): 07/10/20 00:54:52:226 Network is reachable
(T5684)Debug(6528): 07/10/20 00:54:52:226 Pre-login...,verifyportalcert=yes
(T5684)Debug(10455): 07/10/20 00:54:52:226 Check cert of server 192.168.9.1
(T5684)Debug( 779): 07/10/20 00:54:52:226 SSL connecting to 192.168.9.1
(T5684)Debug( 550): 07/10/20 00:54:52:226 Network is reachable
(T5684)Debug(1285): 07/10/20 00:54:52:266 Unable to verify server cert. Result is unable to get local issuer certificate
(T5684)Debug( 365): 07/10/20 00:54:52:267 Open_SSL_connection: subject '/C=CA/ST=British Columbia/L=North Vancouver/O=Capilano University/OU=IT Services/CN=*.company.com'
(T5684)Debug( 369): 07/10/20 00:54:52:267 Open_SSL_connection: issuer '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA'
(T5684)Debug(1113): 07/10/20 00:54:52:267 Name vpn.company.com matches pattern *.company.com
(T5684)Debug( 967): 07/10/20 00:54:52:267 Hostname vpn.company.com matches sub alt name *.company.com
(T5684)Debug(1322): 07/10/20 00:54:52:267 OpenSSL alert write:warning:close notify
(T5684)Debug(2574): 07/10/20 00:54:52:267 encpostdata, encpostdata=00000198218E24D0, encpostdatalen=160
(T5684)Debug(2744): 07/10/20 00:54:52:267 REQID=16,IPADDR=vpn.company.com,PORT=443,URL=/global-protect/prelogin.esp,POST=1,PROXY_AUTO=1,PROXY_CFGURL=NULL,PROXY=NULL,PROXY_BYPASS=NULL,PROXY_USER=NULL,PROXY_PASS=****,VERIFY_CERT=1,ADDITIONAL_CHECK=1,SCEP_CERT=,oid=
(T5684)Debug(1503): 07/10/20 00:54:52:268 Send response to client for request https_request
(T5684)Debug(2854): 07/10/20 00:54:52:398 receive pan_msg_ping, 3
(T5684)Debug(6639): 07/10/20 00:54:52:491 prelogin to portal result is
<?xml version="1.0" encoding="UTF-8" ?>
<prelogin-response>
<status>Success</status>
<ccusername></ccusername>
<autosubmit>false</autosubmit>
<msg></msg>
<newmsg></newmsg>
<authentication-message>Enter abc\ login credentials</authentication-message>
<username-label>abc\Username</username-label>
<password-label>Password</password-label>
<panos-version>1</panos-version><region>10.0.0.0-10.255.255.255</region>
</prelogin-response>
(T5684)Debug(6674): 07/10/20 00:54:52:491 REGION-PRIO, region code is 10.0.0.0-10.255.255.255
(T5684)Debug(12330): 07/10/20 00:54:52:491 REGION-PRIO, save region code 10.0.0.0-10.255.255.255
(T5684)Debug(6741): 07/10/20 00:54:52:491 Portal authentication-message is Enter abc\ login credentials
(T5684)Debug(6757): 07/10/20 00:54:52:491 autosubmit is false
(T5684)Debug(8316): 07/10/20 00:54:52:491 ----Portal Login starts----
(T5684)Debug(2043): 07/10/20 00:54:52:491 Portal config digest is retrieved from file C:\Users\detect.company.com\AppData\Local\Palo Alto Networks\GlobalProtect\PanPCD_757f0b2cb2cf33971ecc05ded976bc9.dat.
(T5684)Debug(2044): 07/10/20 00:54:52:491 Portal config digest is e066d0a79e88de641d52b7da136b2b2c
(T5684)Debug( 41): 07/10/20 00:54:52:491 Roaming profile is false
(T5684)Debug( 167): 07/10/20 00:54:52:491 profileInfo username detect.company.com, profile path (null), server (null)
(T5684)Debug(1909): 07/10/20 00:54:52:491 Unserialized empty cookie for portal vpn.company.com and user detect.company.com
(T5684)Debug(1838): 07/10/20 00:54:52:491 Unserialized empty cookie for portal vpn.company.com and pre-logon user.
(T5684)Debug(8375): 07/10/20 00:54:52:491 IsInPrelogon() 0, GetPrelogonStatus() 3
(T5684)Debug(6992): 07/10/20 00:54:52:491 use cached deviceSN
(T5684)Debug(6992): 07/10/20 00:54:52:491 use cached deviceSN
(T5684)Debug( 323): 07/10/20 00:54:52:491 ClearHipCustomCheckInfo(): pHipCustomCheckInfo is NULL.
(T5684)Debug( 85): 07/10/20 00:54:52:491 ClearHipCustomCheckRegKeyInfo(): pHipCustomCheckRegKeyInfo is NULL.
(T5684)Debug( 567): 07/10/20 00:54:52:491 pan_read_text_from_file(): File does not exist. File: C:\Program Files\Palo Alto Networks\GlobalProtect\PanPortalCfgCriteria_757f0b2cb2cf33971ecc05ded976bc9.dat
(T5684)Debug( 77): 07/10/20 00:54:52:491 Portal config criteria is restored.
(T5684)Debug( 567): 07/10/20 00:54:52:491 pan_read_text_from_file(): File does not exist. File: C:\Program Files\Palo Alto Networks\GlobalProtect\PanPortalCfgCriteria_757f0b2cb2cf33971ecc05ded976bc9.dat
(T5684)Debug(8452): 07/10/20 00:54:52:491 m_szDomainAndUsername is abc\detect.company.com
(T5684)Debug(2574): 07/10/20 00:54:52:491 encpostdata, encpostdata=0000019821FE3640, encpostdatalen=448
(T5684)Debug(2744): 07/10/20 00:54:52:491 REQID=17,IPADDR=vpn.company.com,PORT=443,URL=/global-protect/getconfig.esp,POST=1,PROXY_AUTO=1,PROXY_CFGURL=NULL,PROXY=NULL,PROXY_BYPASS=NULL,PROXY_USER=NULL,PROXY_PASS=****,VERIFY_CERT=0,ADDITIONAL_CHECK=1,SCEP_CERT=,oid=
(T5684)Debug(1503): 07/10/20 00:54:52:491 Send response to client for request https_request
(T5684)Debug(2854): 07/10/20 00:54:52:632 receive pan_msg_ping, 1
(T5684)Debug(8580): 07/10/20 00:54:52:632 Portal config digest matched
(T5684)Debug( 41): 07/10/20 00:54:52:632 Roaming profile is false
(T5684)Debug( 167): 07/10/20 00:54:52:632 profileInfo username detect.company.com, profile path (null), server (null)
(T5684)Debug(12991): 07/10/20 00:54:52:647 Saved cache portal configuration hash does not exist
(T5684)Debug(8583): 07/10/20 00:54:52:647 Restored cached portal config
(T5684)Debug(1923): 07/10/20 00:54:52:647 Serialize empty cookie for portal vpn.company.com and user detect.company.com
(T5684)Debug( 41): 07/10/20 00:54:52:647 Roaming profile is false
(T5684)Debug( 167): 07/10/20 00:54:52:663 profileInfo username detect.company.com, profile path (null), server (null)
(T5684)Debug(2015): 07/10/20 00:54:52:663 Serialized portal user auth cookie to file C:\Users\detect.company.com\AppData\Local\Palo Alto Networks\GlobalProtect\PanPUAC_757f0b2cb2cf33971ecc05ded976bc9.dat. 162 bytes.
(T5684)Debug(12955): 07/10/20 00:54:52:663 Updated portal-prelogonuserauthcookie
(T5684)Debug(12918): 07/10/20 00:54:52:663 New xml does not contain scep-cert-auth-cookie
(T5684)Debug( 75): 07/10/20 00:54:52:663 No <host> or <ip-address> in internal-host-detection
(T5684)Debug( 814): 07/10/20 00:54:52:663 REGION-PRIO, gateway 0(VPN-USER), 0, region = CA, priority = 1, portalRegion=10.0.0.0-10.255.255.255
(T5684)Debug( 814): 07/10/20 00:54:52:663 REGION-PRIO, gateway 0(VPN-USER), 1, region = 10.0.0.0-10.255.255.255, priority = 1, portalRegion=10.0.0.0-10.255.255.255
(T5684)Debug( 413): 07/10/20 00:54:52:663 REGION-PRIO, regioncode=10.0.0.0-10.255.255.255, return priority 1, bManual=0
(T5684)Debug( 919): 07/10/20 00:54:52:663 No internal gateway defined
(T5684)Debug( 938): 07/10/20 00:54:52:663 Optional client-cert does not exist
(T5684)Debug(9087): 07/10/20 00:54:52:663 Use proxy is true
(T5684)Debug( 41): 07/10/20 00:54:52:663 Roaming profile is false
(T5684)Debug( 167): 07/10/20 00:54:52:679 profileInfo username detect.company.com, profile path (null), server (null)
(T5684)Debug( 82): 07/10/20 00:54:52:679 Saved portal config to file C:\Users\detect.company.com\AppData\Local\Palo Alto Networks\GlobalProtect\PanPortalCfg_757f0b2cb2cf33971ecc05ded976bc9.dat.
(T5684)Debug(1552): 07/10/20 00:54:52:679 Proxy auto detect is not needed
(T5684)Debug(9180): 07/10/20 00:54:52:679 RefreshPortalConfig is yes, RefreshPortalConfigInterval is 24 hours
(T5684)Debug(2063): 07/10/20 00:54:52:679 SerializePortalConfigDigest to file C:\Users\detect.company.com\AppData\Local\Palo Alto Networks\GlobalProtect\PanPCD_757f0b2cb2cf33971ecc05ded976bc9.dat
(T5684)Debug(2064): 07/10/20 00:54:52:679 Portal config digest is e066d0a79e88de641d52b7da136b2b2c
(T5684)Debug(11592): 07/10/20 00:54:52:679 kerberos, dynamic config value is yes, m_stopOnKerberosFail=0
(T5684)Debug(11622): 07/10/20 00:54:52:679 Timeout value: portal 5, connect 5, receive 30, retry 5
(T5684)Debug(11625): 07/10/20 00:54:52:679 Tunnel retry grace period is 1800 seconds
(T5684)Debug(11628): 07/10/20 00:54:52:679 override-cc-username is no
(T5684)Debug(9220): 07/10/20 00:54:52:679 Scep certificate renew period is 7 days. Scep cert auth cookie length is 0
(T5684)Debug(9231): 07/10/20 00:54:52:679 Otp portal 0, otp internal gateway 0, otp auto external gateway 0, otp manual only external gateway 0
(T5684)Debug(9236): 07/10/20 00:54:52:679 Prefer ipv6 is 1 after processing portal configuration.
(T5684)Debug(9247): 07/10/20 00:54:52:679 Quarantine add message is
(T5684)Debug(9248): 07/10/20 00:54:52:679 Quarantine remove message is
(T5684)Debug(8604): 07/10/20 00:54:52:679 Skip parsing password expiration days because portal config digest matched
(T5684)Debug(8634): 07/10/20 00:54:52:679 No scep profile
(T5684)Debug(7736): 07/10/20 00:54:52:679 portal status is Connected.
(T5684)Debug(11887): 07/10/20 00:54:52:679 Enforcer is not enabled
(T5684)Debug(1826): 07/10/20 00:54:52:694 Enforcer,found 0 filter object belonging to us.
(T5684)Debug(8719): 07/10/20 00:54:52:694 Delete the previous trusted root ca file C:\Program Files\Palo Alto Networks\GlobalProtect\tca.cer
(T5684)Debug( 82): 07/10/20 00:54:52:694 Saved root CA(1375 bytes) into file C:\Program Files\Palo Alto Networks\GlobalProtect\tca.cer.
(T5684)Info (2528): 07/10/20 00:54:52:694 Imported root ca.
(T5684)Debug( 82): 07/10/20 00:54:52:694 Saved root CA(1761 bytes) into file C:\Program Files\Palo Alto Networks\GlobalProtect\tca.cer.
(T5684)Info (2528): 07/10/20 00:54:52:694 Imported root ca.
(T5684)Debug(8835): 07/10/20 00:54:52:694 client cert is empty in portal config
(T5684)Debug(2369): 07/10/20 00:54:52:694 Client cert is empty, no need to import to store
(T5684)Info (7990): 07/10/20 00:54:52:694 Connect method is pre-logon
(T5684)Debug(8007): 07/10/20 00:54:52:694 On-demand mode is false.
(T5684)Debug(9451): 07/10/20 00:54:52:694 SavePrelogon: Portal is vpn.company.com, PrelogonEnabled is 1
(T5684)Debug( 477): 07/10/20 00:54:52:694 Saved hip policy to file HipPolicy.dat.
(T5684)Debug(8040): 07/10/20 00:54:52:694 Hip check interval is 3600000 ms.
(T5684)Debug(8044): 07/10/20 00:54:52:694 Set check hip event
(T5684)Debug( 809): 07/10/20 00:54:52:694 m_bScheduleFlag is set to 0
(T5684)Debug( 297): 07/10/20 00:54:52:694 Set hip check event.
(T5684)Debug(8046): 07/10/20 00:54:52:694 Set hip missing patch check event.
(T13936)Info ( 246): 07/10/20 00:54:52:694 HipCheckThread: got check hip event or time out.
(T6424)Debug( 452): 07/10/20 00:54:52:694 HipMissingPatchThread: Got CheckHipMissingPatchEvent.
(T13936)Debug( 255): 07/10/20 00:54:52:694 HipCheckThread: Got CheckHipEvent.
(T6424)Debug( 386): 07/10/20 00:54:52:694 CheckHipMissingPatchInOtherProcess()
(T13936)Debug( 787): 07/10/20 00:54:52:694 SetNextScheduledHipCheckTime to 1594371292
(T6424)Debug( 389): 07/10/20 00:54:52:694 Need to check missing patch.
(T13936)Debug( 276): 07/10/20 00:54:52:694 Last hip check event wakeup tick is 1594367692
(T13936)Debug( 278): 07/10/20 00:54:52:694 HipCheckThread: check hip in other process.
(T13936)Debug( 306): 07/10/20 00:54:52:694 CheckHipInOtherProcess()
(T13936)Debug( 310): 07/10/20 00:54:52:694 Need to collect hip data
(T6424)Debug( 310): 07/10/20 00:54:52:694 CheckHipMissingPatchInOtherProcess(): Starting process PanGpHipMp.exe
(T13936)Debug( 117): 07/10/20 00:54:52:694 Starting process PanGpHip.exe
(T5684)Debug(8107): 07/10/20 00:54:52:694 Skip serialize portal user auth cookie for matched portal config digest
(T5684)Debug(1806): 07/10/20 00:54:52:694 Serialize empty cookie for portal vpn.company.com and pre-logon user
(T5684)Debug(1813): 07/10/20 00:54:52:694 SerializePortalPrelogonAuthCookie to file PanPPAC_239bf1558c8c6dfa362918db1954e11.dat
(T5684)Debug(8132): 07/10/20 00:54:52:694 Retrieved pre-logon-tunnel-rename-timeout value -1
(T5684)Debug(8140): 07/10/20 00:54:52:694 Retrieved user-switch-tunnel-rename-timeout value 0
(T5684)Debug(8151): 07/10/20 00:54:52:694 Retrieved preserve-tunnel-upon-user-logoff-timeout value 0
(T5684)Debug(8164): 07/10/20 00:54:52:694 Set preserver tunnel timeout to 0
(T5684)Debug(8176): 07/10/20 00:54:52:694 The value of can-continue-if-portal-cert-invalid is yes
(T5684)Debug(8191): 07/10/20 00:54:52:694 Got Uninstallation method
(T5684)Debug(4295): 07/10/20 00:54:52:694 SaveUninstallConfig(T5684)Debug(7168): 07/10/20 00:54:52:726 prelogon status is 3
(T5684)Debug(3108): 07/10/20 00:54:52:726 Grace period is 0
(T5684)Debug(7312): 07/10/20 00:54:52:726 Force discovery, set NetworkDiscoverEvent
(T13168)Debug( 543): 07/10/20 00:54:52:726 Set hip report quit event
(T13168)Debug(5115): 07/10/20 00:54:52:726 NetworkDiscoverThread: got network discover event.
(T13168)Debug(5122): 07/10/20 00:54:52:726 ----Network Discover starts----
(T13168)Debug( 787): 07/10/20 00:54:52:726 SetNextScheduledHipCheckTime to 0
(T13168)Debug( 809): 07/10/20 00:54:52:726 m_bScheduleFlag is set to 0
(T13168)Debug(5134): 07/10/20 00:54:52:726 UpdatePrelogonStateForSSO to GP_VPN_STATUS_DISCONNECTED
(T13168)Debug(4028): 07/10/20 00:54:52:726 UpdatePrelogonStateForSSO() - User-logon tunnel state = Disconnected
(T5684)Debug(1503): 07/10/20 00:54:52:726 Send response to client for request hip
(T13936)Debug( 135): 07/10/20 00:54:52:726 Wait for the ready event of hip report generated in other process.
(T13168)Debug( 550): 07/10/20 00:54:52:741 Network is reachable
(T13168)Debug(1877): 07/10/20 00:54:52:741 bNetworkAvailable is 1
(T13168)Debug(1885): 07/10/20 00:54:52:741 Network is available
(T13168)Debug(5152): 07/10/20 00:54:52:741 finish check host reachable
(T13168)Debug(6450): 07/10/20 00:54:52:741 --Set state to Discovering network...
(T9244)Debug(4880): 07/10/20 00:54:52:741 CaptivePortalDetectionThread: IsDetectingCaptivePortal=1, PreLoginIsDone=0
(T9244)Debug(4857): 07/10/20 00:54:52:741 CaptivePortalDetectionThread: wait (2000 ms) for captive portal detection event.
(T13168)Debug(1929): 07/10/20 00:54:52:741 unknown network type.
(T13168)Debug(1026): 07/10/20 00:54:52:741 Display hip report V4 on the UI
(T13168)Debug(5190): 07/10/20 00:54:52:741 Logout gateways before network discover..., bJustResumed=0
(T13168)Debug(1349): 07/10/20 00:54:52:741 Logging out gateway, reason is Network discover
(T13168)Debug(1388): 07/10/20 00:54:52:741 Logging out gateway over
(T13168)Debug(12217): 07/10/20 00:54:52:741 RetrieveClientIpByRemoteHost() - invalid remote host: .
(T13168)Debug( 194): 07/10/20 00:54:52:741 SelectInternalGateways - failed to retrieve client source ipv6!
(T13168)Debug(5245): 07/10/20 00:54:52:741 Process gateway: host vpn.company.com, description VPN-USER
(T13168)Debug(5322): 07/10/20 00:54:52:741 Gateway vpn.company.com ipv4 address is 192.168.9.1
(T13168)Debug(5390): 07/10/20 00:54:52:741 Gateway vpn.company.com: ipv4 192.168.9.1, ipv6 , FQDN yes
(T13168)Debug(5213): 07/10/20 00:54:52:741 Set network discover in progress
(T13168)Debug(5217): 07/10/20 00:54:52:741 UpdatePrelogonStateForSSO to GP_VPN_STATUS_DISCONNECTED
(T13168)Debug(4028): 07/10/20 00:54:52:741 UpdatePrelogonStateForSSO() - User-logon tunnel state = Disconnected
(T13168)Debug(12397): 07/10/20 00:54:52:741 GetNetworkTypeDS
(T13168)Debug(12400): 07/10/20 00:54:52:741 No ipv6 internal host detection.
(T13168)Debug(1769): 07/10/20 00:54:52:741 IP 172.20.20.105
(T13168)Debug(1788): 07/10/20 00:54:52:741 host detect.company.com
(T13168)Debug(1805): 07/10/20 00:54:52:741 DnsQuery returns 0
(T13168)Debug(1820): 07/10/20 00:54:52:741 Resolved 105.20.20.172.in-addr.arpa for internal host detection with return value 0
(T13168)Debug(1844): 07/10/20 00:54:52:741 The host name is detect.company.com
(T13168)Debug(6450): 07/10/20 00:54:52:741 --Set state to Discovery complete
(T13168)Debug(1026): 07/10/20 00:54:52:741 Display hip report V4 on the UI
(T13168)Debug(10607): 07/10/20 00:54:52:741 SetVpnStatus called with new status=1, Previous Status=0
(T13168)Debug(4028): 07/10/20 00:54:52:741 UpdatePrelogonStateForSSO() - User-logon tunnel state = Connected
(T13168)Debug(10704): 07/10/20 00:54:52:741 StopCaptivePortalDetection() captive portal detection is in progress
(T13168)Debug(5278): 07/10/20 00:54:52:741 NetworkDiscoverThread: network type is internal.
(T13168)Debug(5286): 07/10/20 00:54:52:741 NetworkDiscoverThread: Discover internal network.
(T13168)Info ( 369): 07/10/20 00:54:52:741 Gateway count is 0 for internal network.
(T13168)Debug(5290): 07/10/20 00:54:52:741 NetworkDiscoverThread: SetEvent network discover ready event for internal network discovery.
(T13168)Debug(6450): 07/10/20 00:54:52:741 --Set state to Discovery complete
(T9244)Debug(4880): 07/10/20 00:54:52:741 CaptivePortalDetectionThread: IsDetectingCaptivePortal=0, PreLoginIsDone=1
(T9244)Debug(4857): 07/10/20 00:54:52:741 CaptivePortalDetectionThread: wait (-1 ms) for captive portal detection event.
(T13168)Debug(1026): 07/10/20 00:54:52:741 Display hip report V4 on the UI
(T13168)Debug( 544): 07/10/20 00:54:52:741 Reset hip report quit event
(T13168)Debug( 567): 07/10/20 00:54:52:741 pan_read_text_from_file(): File does not exist. File: C:\Program Files\Palo Alto Networks\GlobalProtect\dalog.dat
(T13168)Debug(10607): 07/10/20 00:54:52:741 SetVpnStatus called with new status=1, Previous Status=1
(T13168)Debug(4028): 07/10/20 00:54:52:741 UpdatePrelogonStateForSSO() - User-logon tunnel state = Connected
(T13168)Debug(5473): 07/10/20 00:54:52:741 NetworkDiscoverThread: PortalStatus is 1, HasLoggedOnGateway is 0
(T13168)Debug(5574): 07/10/20 00:54:52:741 Reset NetworkDiscovery waitTime to 5 seconds.
(T13168)Debug(5099): 07/10/20 00:54:52:741 NetworkDiscoverThread: wait for network discover event.

 

 

 

Highlighted
L3 Networker

@raji_toor,

As far as I know you need to have an Internal Gateway inside the Internal Network to get the User-ID mapping (and HIP Reports) via GlobalProtect. In the logs I see:

"Gateway count is 0 for internal network."

and

"NetworkDiscoverThread: PortalStatus is 1, HasLoggedOnGateway is 0"

Are those logs from the time you tested with or without Internal Gateway configured?

Highlighted
L4 Transporter

@ACieszkowski Yes these logs are from when PC is in the internal network, and no IPSEC tunnel is established. And as i understand for just internal host detection for the purose of User-ID we don't need a gateway. And i did had gateway config before but it would still not populate User-ID.

Highlighted
Cyber Elite

@raji_toor,

You definitely need the internal gateway specified to actually get the user-id information through GlobalProtect, without it you are simply telling GlobalProtect that it doesn't need to form a tunnel with internal host detection enabled. You'll want to get that configured and then we can investigate the internal gateway issue.

Highlighted
L4 Transporter

@BPry   With gateway user-ID works but from the subnet gateway assigns to it. What i was looking for is to have user-id but without having to assign a new IP to the host. I am using same gateway for both internal and external. Is that possible.

Highlighted
L4 Transporter

@BPry  and @ACieszkowski I separated the internal and external gateways and did not add any client settings in agent config. This seems to have worked, the way i want it.

Highlighted
L3 Networker

@raji_toor,

Good to know

Internal Gateway has to be reachable in the Internal Network, but without the tunnel mode, answering your previous question.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!