GlobalProtect IOS stuck

Pantelis · ‎05-16-2022

Good day,

After updating to10.2.1 and 6.0.2 GlobalProtect client I could not connect to VPN.

The problem was occurred for one endpoint. So I used the second one to connect and update the client.

Also the DNS(for split tunnel) was not work. I had to make "virtual change", just to press the OK button and commit. After that DNS was working. Also the HA was not working and with the same work around it did.

With iPhone the problem s that although login successful the status is disconnected.

Any thoughts/suggestions?

BPry · ‎05-16-2022

@Pantelis,

So it sounds like post upgrade the configuration migration to 10.2 wasn't handled 100% correctly during the upgrade process. That happens occasionally and the candidate-config kind of corrects itself into a usable format which is why those commits "fixed" the issue.

If I'm reading the remaining issue correctly, you're saying that when you connect via the iPhone you immediately get disconnected? Do you have a GlobalProtect subscription to allow you to use the mobile client? Is their anything on the firewall's GlobalProtect logs for the client pointing towards any issues with agent profiles or the like?

Pantelis · ‎05-16-2022

I am not sure about the subscription... But users could login from their mobiles. After the upgrade this problem has occurred.

Logs for my login are the following (I have updated the GlobalProtect client on my iPhone)

CirrusMDDevOps · ‎09-07-2022

did you ever find the solution to this? We have the exact same issue using SAML auth and the iOS app. Auth is successfull but the mobile app never connects.

itfromgermany · ‎10-11-2022

Same issue here with PA-220, PAN OS 10.2.3 (GlobalProtect Client on PA is: 6.1.0). iOS Clients cannot connect anymore after upgrading PAN-OS on firewall device. Windows/MacOS clients can connect... logs seem fine.

We did some testing with new/blank IOS devices, where we didn't have any error. Several IOS devices are still not able to connect. Reset/Restarts didn't work. IOS 16 also affected. I guess there should be an app update for Global Protect app in appstore from palo alto or a PAN OS update on Firewall?

pan219 · ‎10-12-2022

Having the same issue like @itfromgermany after upgrading PAN220 to 10.2.3 from 10.2.2-h2

Prior to the upgrade iOS 16.0.x clients were able to connect successful via GP App 6.0.2-0 to portal and then establishing an IPSec connection. Using local authentication on the fw, no SAML.

iOS Clients can connect to the portal and successfully authenticate on the pan but forwarding to the gateway results in an continuous loop (seen in the gp logs: successful auth, then followed by a gateway-register / gateway-logout loop in a 1sec inverall; in iOS app it's just stuck at "Connecting"

Tried to downgrade- unsuccessful
Fiddled with the configuration in any possible way - unsuccessful

DavePalo · ‎10-17-2022

Having the same problem with iOS GlobalProtect 6.0.2 using SAML on PanOS 10.2.2.

Connections from Windows and MacOS work just fine.

iOS successfully authenticates and GP shows a "Login Successful!" message, but when I close the message GP is disconnected again.

During sanity testing I too found that switching from SAML to local auth does allow iOS devices to connect. Issue just seems to be iOS GP & SAML.

Pantelis · ‎10-17-2022

Just upgrade the OS to 10.2.3. It will fix the issue.

Pantelis · ‎10-17-2022

I upgraded the PanOS to 10.2.3 and the issue was solved.

My GP agent is 6.0.1 but the problem was not in the agent.

Hyatlotsa · ‎10-18-2022

I'm especially stayed aware of the article and I will get many benefits from it. Subsequently, thank you for sharing it.That vitalizes the amazing bone! Here clearly accepting I endeavor an article I can pull off a couple of additional spaces!

DavePalo · ‎10-18-2022

Thank you @Pantelis

I currently have an issue upgrading beyond 10.2.2 - the VM Series fails to come back up. Saved by a snapshot.

Good to know that the GP issue will be sorted once the update issue is resolved though. I'll raise a SR.

itfromgermany · ‎10-19-2022

do you have any news in this case...?

pan219 · ‎10-23-2022

nope, no news. I am waiting for the next update, as downgrading to a previous versions did not solve it. Someone at reddit mentioned that this bug is under ID 191216 from PAN.

pan219 · ‎11-09-2022

have you seen any progress in resolving this issue? (im Sinne der der anderen Forenteilnehmer verzichte ich auf die deutsche Sprache)

itfromgermany · ‎11-09-2022

Palo Alto Support is still clueless. I guess it's maybe related to mobile phone provider in relation to the setup (Telekom, LTE, Germany, IPV6, IOS 16). Because e.g. travelling through Italy with another mobile phone provider we hadn't seen the issue. I've sent you a DM. If anyone else is struggling with the issue, would be nice if you can post it here.

GlobalProtect IOS stuck

GlobalProtect IOS stuck

Show your appreciation!