GlobalProtect issue

Reply
Highlighted
L2 Linker

GlobalProtect issue

Hi all,

We have problem connecting to a VPN using GlobalProtect. We opened a case but maybe someone has an idea what's going on..

The error message on GP client is

Error(4960): failed to get the tag gateways(T1404)

Error(5401): Failed to get gateway list for external network.


Erros on Palo Alto:

GlobalProtect portal user authentication succeeded. Login from: x.x.x.x, User name: YY, Auth type: profile.

GlobalProtect portal client configuration failed. Login from: x.x.x.x, User name: YY.

Device has been upgraded from 5.0.8 version to 6.0.6 month (or two) ago and GP was working fine until a week ago. The problem first appeared only to some people (weird?), but today almost all users have this problem.

All tips and ideas are welcome. :smileyhappy:

Regards,

Vesna.

Tags (1)
Highlighted
L5 Sessionator

Re: GlobalProtect issue

If issue occurred after upgrading to 6.0 then I would definitely check the common name of the certificate used for global protect (see if that is ip or fqdn) and the configuration under Portal's Client config. It must match what we have on certificate. If certificate has a common name abc.company.com then under external gateway setting we should configure abc.company.com (and not its public ip say 1.1.1.1). Hope this helps. Thank you.

Highlighted
L3 Networker

Re: GlobalProtect issue

Also upgrade the GP clients to the newer code release as well. There are bug fixes in them.

Highlighted
L2 Linker

Re: GlobalProtect issue

Thanks ssharma and oklier.

Problem did not start right away after upgrade. GP was working fine for a few weeks on 6.0.6 version.

Same problem with the newest GP client..

Highlighted
L3 Networker

Re: GlobalProtect issue

I would then say if Support has not called you back. Give them a call.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!