GlobalProtect not connecting on Mac

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect not connecting on Mac

L1 Bithead

I'm trying to use GlobalProtect on a Mac, but it won't connect. I don't know much about Mac in general which definitely won't help me, I'm doing this for someone else and this is my first time using GlobalProtect on one. When I start the app and type the username, password and portal it just says connecting in the status tab. So far I've tried reinstalling the app, restarting the Mac, changing networks, double checking username/password/portal.

14 REPLIES 14

Is this on MacOS 10.13 High Sierra?

 

Go to settings

Security & privacy

General tab

Click Allow on "System software from developer Palo Alto Networks has been blocked..."

Cyber Elite
Cyber Elite

@K.Arne,

Look at the logs and see if it tells you anything. In addition I would make sure that the firewall is actually recieving traffic when you attempt to connect, that would at least verify that macOS isn't reseting the connection before it even leaves the Mac. 

@Christian_SvendsenThe Mac is running macOS Sierra 10.12.6. There is no option to allow it.

@BPryI've looked at some of the log files, but they don't really tell me anything.

PanGPS.log

 

P1069-T775   Oct 30 11:47:45:105435 Info ( 581): Received wake notification

P1069-T775   Oct 30 11:55:58:271529 Info ( 288): receive sig 15

P1069-T775   Oct 30 11:55:58:271560 Info ( 233): Stop PanGPS

P1069-T10511 Oct 30 11:55:58:924416 Info ( 662): debug thread ends

P1069-T775   Oct 30 11:55:59:16244 Info ( 468): Main thread run loop stopped.

P1069-T775   Oct 30 11:55:59:16509 Info ( 474): killServiceEvent is signaled

P1069-T775   Oct 30 11:55:59:16705 Debug( 483): g_isDaemon: 0, g_isPrelogonEnabled: 0, s_quitFromSwithOut: 0, g_needToRestart: 0

P1069-T775   Oct 30 11:55:59:16725 Info ( 495): PanGPS stops

P  90-T775   Oct 30 11:56:49:99550 Debug( 330): PanGPS, working directory is /Library/Logs/PaloAltoNetworks/GlobalProtect/

P  90-T775   Oct 30 11:56:49:150052 Info ( 142): ####################### Start PanGPS service (ver: 2.3.0-28) #######################

P  90-T775   Oct 30 11:56:49:150077 Info ( 143): Debug level is 5

P  90-T775   Oct 30 11:56:49:150095 Info ( 144): User is (null), home is (null), login is root

P  90-T775   Oct 30 11:56:49:150101 Debug( 146): IsDaemon is 1

P  90-T775   Oct 30 11:56:49:325472 Info (  70): Shared global defaults: <NSUserDefaults: 0x100701690>

 

P  90-T775   Oct 30 11:56:49:535759 Info ( 191): Couldn't obtain debug level from settings

P  90-T775   Oct 30 11:56:49:535948 Info ( 197): PrelogonEnabled is 0

P  90-T775   Oct 30 11:56:49:535960 Info ( 199): Daemon process needs to quit since prelogin is disabled

P  90-T775   Oct 30 11:56:49:535966 Info ( 461): StartPanAgent() failed

P 353-T775   Oct 30 11:56:55:336118 Debug( 330): PanGPS, working directory is /Library/Logs/PaloAltoNetworks/GlobalProtect/

P 353-T775   Oct 30 11:56:55:336251 Info ( 142): ####################### Start PanGPS service (ver: 2.3.0-28) #######################

P 353-T775   Oct 30 11:56:55:336261 Info ( 143): Debug level is 5

P 353-T775   Oct 30 11:56:55:336273 Info ( 144): User is USER, home is /Users/USER, login is USER

P 353-T775   Oct 30 11:56:55:336279 Debug( 146): IsDaemon is 0

P 353-T775   Oct 30 11:56:55:368256 Debug( 178): setreuid to 501

P 353-T775   Oct 30 11:56:55:368607 Info (  57): Shared user defaults: USER, <NSUserDefaults: 0x1011054f0>

 

P 353-T775   Oct 30 11:56:55:370653 Info (  70): Shared global defaults: <NSUserDefaults: 0x101105670>

 

P 353-T775   Oct 30 11:56:55:380766 Info ( 549): User Switch Monitor init finished

P 353-T775   Oct 30 11:56:55:380784 Info ( 189): Set debug level to 5

P 353-T775   Oct 30 11:56:55:381203 Info ( 197): PrelogonEnabled is 0

P 353-T775   Oct 30 11:56:55:381254 Info ( 499): cannot open /var/run/PanGPS.pid, assume no old instance running

P 353-T9999  Oct 30 11:56:55:381310 Info ( 656): debug thread starts

P 353-T775   Oct 30 11:56:55:382236 Info (  34): Mac OS X 10.12.6

/Applications/GlobalProtect.app/Contents/Resources/pangpd_10.9.kext failed to load - (libkern/kext) not loadable (reason unspecified); check the system/kernel logs for errors or try kextutil(8).

P 353-T775   Oct 30 11:56:56:630250 Debug(  59): driver installed

P 353-T775   Oct 30 11:56:56:630315 Error(  66): Cannot initialize driver: 1

P 353-T775   Oct 30 11:56:56:630334 Info ( 466): Start main thread run loop.
Debug_drv.log

 

10/30/2017 11:56:56.103664[Debug  298]: ioctl return 2

10/30/2017 11:56:56.106636[Debug  298]: ioctl return 2

10/30/2017 11:56:56.106705[Debug  298]: ioctl return 2

10/30/2017 11:56:56.107934[Info    40]: Darwin version 16.7.0

 

10/30/2017 11:56:56.630025[Info    60]: Install pangpd_10.9.kext finished with result 0

10/30/2017 11:56:56.630095[Debug  298]: ioctl return 2

10/30/2017 11:56:56.630279[Debug  298]: ioctl return 2

 

@K.ArneIt looks like a lot of the PanGPS stuff is failing. Your logs indicate that the .pid and the kext file can't be opened. 

 

I would remove GlobalProtect all together and then make sure that you actually delete all of the files related to GP. The uninstaller doesn't remove all of the directories and that could be screwing up your install, because something isn't loaded right or given the correct permissions. 

@BPryI deleted all the files I could find and removed GP. After installing it I got the exact same problem. Just to be sure, is there a specific install directory to GP or is it just in the Applications folder?

@K.Arne,

So just at a cursory glance, a machine that I haven't had GP installed for a while still had files located at /Users/$USER/Collect and then /Library/Application Support/PaloAltoNetworks. Note that I had multiple different Collect$ folders due to having different installes of GP present at one time or another. 

@BPryThis mac doesn't have /Users/$USER/Collect as a directory at all. The other one I already tried deleting without success.

@K.Arne,

Just to verify you did actually replace $USER with your username correct? This could actually be a Traps directory, so you may trully not have it. 

@BPryI did indeed replace it with my username, still no directory.

Hi Mate, 

 

On the latest mac {10.12.6} and gp {4.0.4.9}connecting fine. Connecting with a local user saved on the pan. Connecting to a loopback interface. Can connect when local or remote. Using a fqdn all gp prerequisites adherred to. 

 

as a few things to check;

 

if using an fqdn to connect, ping it from the mac terminal. does it resolve to the right ip ?

do ye see the pings on the traffic logs of the firewall?

if using internal / external networks can connect ? hotspot off phone and try connect etc

when ye filter using '( app eq panos-global-protect )' in the traffic logs do ye see the attempted connection?

when ye filter in the system logs '( subtype eq globalprotect )' do ye see anything for the mac book attempted connection?

allow the gp portal temp if not enabled, can the mac get to the portal web page and authenticate when using a browser ?

are you using the hip feature to only allow certain devices? check the hip logs, monitor>hip

have you tried off a different mac book? if not can ye ?

if windows connecting ok narrows it down a bit, if another mac can would narrow it down a lot 🙂 

 

theres a successful connection for a mac on yer mac version below, sanistised anything important, ips/fqdns/hostnames

I am an admin on the mac, its not part of a domain..

 

cheers

 

rob 

 

gps logs 

 

P 472-T16387 Nov 02 23:06:36:2365 Debug(  89): Check hip command line: /Applications/GlobalProtect.app/Contents/Resources/PanGpHip 4.0.4-9 "Apple Mac OS X 10.12.6" 5 10:dd:b1:cc:54:c0 
P 472-T13063 Nov 02 23:06:36:2396 Debug(1417): Serialized portal user auth cookie to file /Users/random/Library/Application Support/PaloAltoNetworks/GlobalProtect/PanPUAC_8942d69f99597cbaeb0e0a116228731.dat. 368 bytes.
P 472-T13063 Nov 02 23:06:36:2409 Debug(1253): Serialize non-empty cookie for portal gp.com and pre-logon user
P 472-T32283 Nov 02 23:06:36:2778 Debug( 185): CheckHipMissingPatchInOtherProcess(): Launched PanGpHipMp
P 472-T16387 Nov 02 23:06:36:3077 Debug( 103): CheckHipInOtherProcess(): Launched PanGpHip
P 472-T13063 Nov 02 23:06:36:3259 Debug(1260): SerializePortalPrelogonAuthCookie to file PanPPAC_c6ad5db18352493f28d87810fcfb25c2.dat
P 472-T13063 Nov 02 23:06:36:3271 Debug(6053): Retrieved pre-logon-tunnel-rename-timeout value -1
P 472-T13063 Nov 02 23:06:36:3276 Debug(6061): Retrieved user-switch-tunnel-rename-timeout value 0
P 472-T13063 Nov 02 23:06:36:3281 Debug(6077): The value of can-continue-if-portal-cert-invalid is yes
P 472-T13063 Nov 02 23:06:36:3285 Debug(5249): prelogon status is 0
P 472-T13063 Nov 02 23:06:36:3290 Debug(5373): Force discovery, set NetworkDiscoverEvent
P 472-T13063 Nov 02 23:06:36:5700 Debug(1038): Send response to client for request hip
P 472-T13335 Nov 02 23:06:36:5889 Debug( 451): Set hip report quit event
P 472-T13335 Nov 02 23:06:36:5899 Debug(3591): NetworkDiscoverThread: got network discover event.
P 472-T13335 Nov 02 23:06:36:5904 Debug(3598): ----Network Discover starts----
P 472-T13335 Nov 02 23:06:36:5908 Debug( 759): SetNextScheduledHipCheckTime to 0
P 472-T13335 Nov 02 23:06:36:5912 Debug( 781): m_bScheduleFlag is set to 0
P 472-T13335 Nov 02 23:06:36:5919 Debug(4677): --Set state to Discovering network...
P 472-T13335 Nov 02 23:06:36:25413 Debug( 254): There is no ipv6 interface
P 472-T13335 Nov 02 23:06:36:25551 Debug( 254): There is no ipv6 interface
P 472-T13335 Nov 02 23:06:36:25604 Debug( 203): interface en1 ip 1.1.1.1/255.255.255.0
P 472-T13335 Nov 02 23:06:36:25735 Debug( 254): There is no ipv6 interface
P 472-T13335 Nov 02 23:06:36:25832 Debug( 254): There is no ipv6 interface
P 472-T13335 Nov 02 23:06:36:25928 Debug( 254): There is no ipv6 interface
P 472-T13335 Nov 02 23:06:36:26184 Debug( 714): Hip report changed. Include it in status message to client.
P 472-T13335 Nov 02 23:06:36:29363 Info (1071): <SCNetworkReachability 0x7fc7fdd60cc0 [0x7fffe0f9cda0]> {name = gp.com} is reachable 2
P 472-T13335 Nov 02 23:06:36:29385 Debug(3604): finish check host reachable
P 472-T13335 Nov 02 23:06:36:29407 Debug(4677): --Set state to Discovering network...
P 472-T13335 Nov 02 23:06:36:30858 Debug(3637): Logout gateways before network discover...
P 472-T13335 Nov 02 23:06:36:30872 Debug(1112): Logging out gateway, reason is Network discover
P 472-T13335 Nov 02 23:06:36:30877 Debug(1142): Logging out gateway over
P 472-T13335 Nov 02 23:06:36:30982 Debug(9243): RetrieveClientIpByRemoteHost() - invalid remote host: .
P 472-T13335 Nov 02 23:06:36:30992 Debug( 178): SelectInternalGateways - failed to retrieve client source ipv6!
P 472-T13335 Nov 02 23:06:36:31007 Debug( 231): found matching ipv4 ipaddress (10.10.20.1-10.10.20.254) in the list for gateway ()
P 472-T13335 Nov 02 23:06:36:31013 Debug( 330): Found match of client ip in the source ip list!
P 472-T13335 Nov 02 23:06:36:31020 Debug(4297): Process gateway: host internal.pan1, description tac
P 472-T16139 Nov 02 23:06:36:31111 Debug(3421): CaptivePortalDetectionThread: IsDetectingCaptivePortal=1, PreLoginIsDone=0
P 472-T16139 Nov 02 23:06:36:31121 Debug(3399): CaptivePortalDetectionThread: wait (2000 ms) for captive portal detection event.
P 472-T13335 Nov 02 23:06:36:776365 Debug(4297): Process gateway: host gp.com, description extenralgw
P 472-T13335 Nov 02 23:06:36:777682 Debug(4380): Gateway gp.com ipv4 address is 10.10.24.1
P 472-T13335 Nov 02 23:06:36:777696 Debug(4483): Gateway gp.com: ipv4 10.10.24.1, ipv6 , FQDN yes
P 472-T13335 Nov 02 23:06:36:777708 Debug(3656): Set network discover in progress
P 472-T13335 Nov 02 23:06:36:777713 Debug(3712): NetworkDiscoverThread: network type is external.
P 472-T13335 Nov 02 23:06:36:777718 Debug(3781): NetworkDiscoverThread: Discover external network.
P 472-T13335 Nov 02 23:06:36:777723 Debug( 494): Discover external gateway: gateway count is 1, cutoff time is 5
P 472-T13335 Nov 02 23:06:36:777785 Debug(2365): Gateway: gp.com, client IP: 1.1.1.1
P 472-T13335 Nov 02 23:06:36:880056 Debug(2067): retrieve info of gateway gp.com
P 472-T13335 Nov 02 23:06:36:880073 Debug(2078): Skip setting proxy for creating tunnel to gateway gp.com
P 472-T13335 Nov 02 23:06:36:880081 Debug(2788): ----Gateway Pre-login starts----
P 472-T13335 Nov 02 23:06:36:880312 Debug(5161): connect ssl.
P 472-T13335 Nov 02 23:06:36:880320 Debug( 693): SSL connecting to 10.10.24.1
P 472-T13335 Nov 02 23:06:36:906148 Debug(5211): Internal gateway gp.com is authenticated with trusted CA.
P 472-T13335 Nov 02 23:06:36:906168 Debug( 909): Cert name check of gp.com succeeded
P 472-T13335 Nov 02 23:06:36:906173 Debug(5232): Server cert is verified for gateway gp.com
P 472-T13335 Nov 02 23:06:36:906176 Debug(5234): disconnect ssl.
P 472-T13335 Nov 02 23:06:36:906215 Debug(1202): SSL3 alert write:warning:close notify
P 472-T13335 Nov 02 23:06:36:906372 Debug(2810): Server cert is verified for gateway gp.com
P 472-T13335 Nov 02 23:06:36:907115 Debug( 176): Original host gp.com(gp.com):443
P 472-T13335 Nov 02 23:06:36:907129 Debug(7740): Need to check gateway cert for gp.com
P 472-T13335 Nov 02 23:06:36:907142 Info ( 199): EVP_DecryptFinal_ex failed
P 472-T13335 Nov 02 23:06:36:907146 Info ( 635): pan_get_password failed.
P 472-T13335 Nov 02 23:06:36:907149 Info ( 256): Failed to retrieve passphrase
route: writing to routing socket: not in table
P 472-T13335 Nov 02 23:06:36:980220 Debug( 308): Response has no private header.
P 472-T13335 Nov 02 23:06:36:980249 Debug( 335): receive data with length 343
P 472-T13335 Nov 02 23:06:36:980322 Debug(2871): Login to gateway (null) gp.com without ipv6
P 472-T13335 Nov 02 23:06:36:980332 Debug(7772): StopCaptivePortalDetection()  captive portal detection is in progress 
P 472-T16139 Nov 02 23:06:36:980354 Debug(3421): CaptivePortalDetectionThread: IsDetectingCaptivePortal=0, PreLoginIsDone=1
P 472-T16139 Nov 02 23:06:36:980364 Debug(3399): CaptivePortalDetectionThread: wait (-1 ms) for captive portal detection event.
P 472-T13335 Nov 02 23:06:36:980752 Debug(2899): Pre-login response is <?xml version="1.0" encoding="UTF-8" ?>
<prelogin-response>
<status>Success</status>
<ccusername></ccusername>
<autosubmit>false</autosubmit>
<msg></msg>
<license>yes</license>
<authentication-message>Enter login credentials</authentication-message>
<panos-version>1</panos-version><region>10.0.0.0-10.255.255.255</region>
</prelogin-response>
P 472-T13335 Nov 02 23:06:36:980772 Debug(2904): REGION-PRIO, gateway region code is 10.0.0.0-10.255.255.255
P 472-T13335 Nov 02 23:06:36:980776 Debug(2921): REGION-PRIO, portal and gateway have same region code!
P 472-T13335 Nov 02 23:06:36:980782 Debug(2998): Auth message is Enter login credentials for gateway gp.com
P 472-T13335 Nov 02 23:06:36:980786 Debug(3021): Gateway license yes, license-v6 yes
P 472-T13335 Nov 02 23:06:36:980798 Debug(3096): ----Gateway Login starts----
P 472-T13335 Nov 02 23:06:36:980801 Debug(7873): Set to service bUseCCUserGateway 0 and ccUserNameGateway 
P 472-T13335 Nov 02 23:06:36:980805 Debug(1755): Update user name from  to test
P 472-T13335 Nov 02 23:06:36:980809 Debug(4990): OtpSaveCredential is save_credential
P 472-T13335 Nov 02 23:06:36:980811 Debug(5028): External network gateway without OTP authentication
P 472-T13335 Nov 02 23:06:36:980814 Debug(5049): Can save user and password. Use saved user credential
P 472-T13335 Nov 02 23:06:36:980954 Debug(1356): Unserialized non-empty cookie for portal gp.com and user test
P 472-T13335 Nov 02 23:06:36:981006 Debug(1285): Unserialized non-empty cookie for portal gp.com and pre-logon user.
P 472-T13335 Nov 02 23:06:36:981011 Debug(3145): Auth cookie is not empty for user test. Reset bDPGC flag.
P 472-T13335 Nov 02 23:06:36:981014 Debug(3149): bIsEmptyUser is 0, bDPGCforManualOnlyGateway is 0, bDPGCNotforManualOnlyGateway is 0
P 472-T13335 Nov 02 23:06:36:981017 Debug(7873): Set to service bUseCCUserGateway 0 and ccUserNameGateway 
P 472-T13335 Nov 02 23:06:36:981050 Debug(1356): Unserialized non-empty cookie for portal gp.com and user test
P 472-T13335 Nov 02 23:06:36:981085 Debug(1285): Unserialized non-empty cookie for portal gp.com and pre-logon user.
P 472-T13335 Nov 02 23:06:36:981089 Debug(3226): Actual user for gateway login is test
P 472-T13335 Nov 02 23:06:36:981491 Debug(4792): Get preferred IPv4 10.10.30.104 for gateway 10.10.24.1 and user test
P 472-T13335 Nov 02 23:06:36:981766 Debug(4820): Get preferred IPv6  for gateway 10.10.24.1 and user test
P 472-T13335 Nov 02 23:06:36:982214 Debug( 176): Original host gp.com(gp.com):443
P 472-T13335 Nov 02 23:06:36:982233 Info ( 199): EVP_DecryptFinal_ex failed
P 472-T13335 Nov 02 23:06:36:982237 Info ( 635): pan_get_password failed.
P 472-T13335 Nov 02 23:06:36:982240 Info ( 256): Failed to retrieve passphrase
P 472-T13335 Nov 02 23:06:37:156639 Debug( 308): Response has no private header.
P 472-T13335 Nov 02 23:06:37:156662 Debug( 335): receive data with length 1319
P 472-T13335 Nov 02 23:06:37:157237 Debug(1370): Serialize non-empty cookie for portal gp.com and user test
P 472-T13335 Nov 02 23:06:37:157499 Debug(1417): Serialized portal user auth cookie to file /Users/random/Library/Application Support/PaloAltoNetworks/GlobalProtect/PanPUAC_8942d69f99597cbaeb0e0a116228731.dat. 368 bytes.
P 472-T13335 Nov 02 23:06:37:157513 Debug(1253): Serialize non-empty cookie for portal gp.com and pre-logon user
P 472-T13335 Nov 02 23:06:37:157660 Debug(1260): SerializePortalPrelogonAuthCookie to file PanPPAC_c6ad5db18352493f28d87810fcfb25c2.dat
P 472-T13335 Nov 02 23:06:37:157702 Debug(7859): NetworkDisoverEventSet is no, RedoNetworkDiscovery is no
P 472-T13335 Nov 02 23:06:37:157706 Debug(2088): ----Tunnel creation starts----
P 472-T13335 Nov 02 23:06:37:157709 Debug(2089): Try to create tunnel with gateway gp.com
P 472-T13335 Nov 02 23:06:37:157714 Debug(4677): --Set state to Connecting...
P 472-T13335 Nov 02 23:06:37:159052 Debug(1965): proxy , proxyuser , domain , user test, remotehost 10.10.24.1. 
P 472-T13335 Nov 02 23:06:37:159162 Debug( 140): interface en1 ip 1.1.1.1/255.255.255.0
P 472-T13335 Nov 02 23:06:37:159178 Debug( 147): found 1 ips
P 472-T13335 Nov 02 23:06:37:159337 Debug(  67): interface en1 ip6 fe80::1c4d:52e5:259a:e908/64
P 472-T13335 Nov 02 23:06:37:159353 Debug(  67): interface awdl0 ip6 fe80::848:97ff:fedd:1384/64
P 472-T13335 Nov 02 23:06:37:159362 Debug(  67): interface utun0 ip6 fe80::aa1b:c431:4eef:6c3b/64
P 472-T13335 Nov 02 23:06:37:159369 Debug(  74): found 3 ip6s
P 472-T13335 Nov 02 23:06:37:159556 Debug(2217): Get gateway config.
P 472-T13335 Nov 02 23:06:37:160276 Debug( 176): Original host gp.com(gp.com):443
P 472-T13335 Nov 02 23:06:37:160301 Info ( 199): EVP_DecryptFinal_ex failed
P 472-T13335 Nov 02 23:06:37:160310 Info ( 635): pan_get_password failed.
P 472-T13335 Nov 02 23:06:37:160315 Info ( 256): Failed to retrieve passphrase
P 472-T13335 Nov 02 23:06:37:200888 Debug( 308): Response has no private header.
P 472-T13335 Nov 02 23:06:37:200918 Debug( 335): receive data with length 1489
P 472-T13335 Nov 02 23:06:37:201005 Debug(2243): gateway gp.com's config is 
	<response status="success">
		<need-tunnel>yes</need-tunnel>
		<ssl-tunnel-url>/ssl-tunnel-connect.sslvpn</ssl-tunnel-url>
		<portal>gwGP-N</portal>
		<user test</user>
		<lifetime>2592000</lifetime>
		<timeout>10800</timeout>
		<disconnect-on-idle>10800</disconnect-on-idle>
		<bw-c2s>1000</bw-c2s>
		<bw-s2c>1000</bw-s2c>
		<gw-address>10.10.24.1</gw-address>
		<ip-address>10.10.30.104</ip-address>
		<netmask>255.255.255.255</netmask>
		<dns>
			<member>10.10.30.1</member>
		</dns> 
		<wins>
		</wins> 
		<dns-suffix>
		</dns-suffix> 
		<default-gateway>10.10.30.104</default-gateway>
		<mtu>0</mtu>
		<no-direct-access-to-local-network>no</no-direct-access-to-local-network>
		<access-routes>
			<member>0.0.0.0/0</member>
			<member>10.10.30.1/32</member>
		</access-routes> 
		<exclude-access-routes>
		</exclude-access-routes> 
		<ipsec>
			<udp-port>4501</udp-port>
			<ipsec-mode>esp-tunnel</ipsec-mode>
			<enc-algo>aes-128-cbc</enc-algo>
			<hmac-algo>sha1</hmac-algo>
P 472-T13335 Nov 02 23:06:37:201709 Debug( 257): gw-address-v6 is not specified
P 472-T13335 Nov 02 23:06:37:201723 Debug( 263): remoteHostV6 is not specified
P 472-T13335 Nov 02 23:06:37:202150 Debug(7552): Set preferred IP 10.10.30.104 for gateway 10.10.24.1 user test
P 472-T13335 Nov 02 23:06:37:206330 Debug( 385): DLSA, found no-direct-access-to-local-network tag, b_IsDLSASet set to false
P 472-T13335 Nov 02 23:06:37:206389 Debug( 572): Encryption method is aes-128-cbc
P 472-T13335 Nov 02 23:06:37:206490 Debug(2876): set driver connected as true
P 472-T15879 Nov 02 23:06:37:206605 Debug(1383): Route change message RTM_IFINFO: iface status change, gpd0 up
P 472-T13335 Nov 02 23:06:37:206649 Debug( 123): disconnect-on-idle timeout is 10800
P 472-T13335 Nov 02 23:06:37:206657 Debug( 133): VPN idle timeout is 10800; config timeout is 10800
P 472-T22287 Nov 02 23:06:37:206671 Debug(4246): NetworkConnectionMonitorThread: route change detected. Wait for 3 seconds.
P 472-T13335 Nov 02 23:06:37:206717 Debug( 146): STATIC IP, use dhcp to assign ip
P 472-T13335 Nov 02 23:06:37:206759 Debug( 162): Trying to do ipsec connection to 10.10.24.1[4501]
P 472-T13335 Nov 02 23:06:37:207098 Info ( 174): Connected to: 10.10.24.1[4501], Sending keep alive to ipsec socket...
P 472-T13335 Nov 02 23:06:37:221808 Info ( 212): Connected ipsec to 10.10.24.1(4501)
P 472-T13335 Nov 02 23:06:37:221861 Info ( 299): tunnel to 10.10.24.1 connected
P 472-T13335 Nov 02 23:06:37:221931 Debug( 318): PsvRegister done
P 472-T41483 Nov 02 23:06:37:221986 Debug( 364): VpnProcMonitor thread starts
P 472-T13335 Nov 02 23:06:37:222008 Debug( 753): Installing client config...
P 472-T41735 Nov 02 23:06:37:222054 Debug( 375): VpnProcDrv thread starts
P 472-T775   Nov 02 23:06:37:232779 Debug( 312): receive sig 20
P 472-T13335 Nov 02 23:06:37:232809 Debug( 119): route script dir /Library/Logs/PaloAltoNetworks/GlobalProtect//network/config
P 472-T13335 Nov 02 23:06:37:233334 Debug( 201): generated interface script install: /Library/Logs/PaloAltoNetworks/GlobalProtect//network/config/itf-install.sh, uninstall: /Library/Logs/PaloAltoNetworks/GlobalProtect//network/config/itf-uninstall.sh
P 472-T13335 Nov 02 23:06:37:233987 Debug( 520): original dns is set {
    ServerAddresses =     (
        "10.10.20.1",
        "8.8.8.8"
    );
}

P 472-T13335 Nov 02 23:06:37:234085 Debug( 528): tunnel dns is {
    SearchDomains =     (
    );
    SearchOrder = 50000;
    ServerAddresses =     (
        "10.10.30.1"
    );
}

P 472-T13335 Nov 02 23:06:37:234363 Debug(  40): SCDynamicStoreCopyValue(State:/Network/Global/IPv6) failed: No such key
P 472-T13335 Nov 02 23:06:37:234372 Error( 436): pan_SC_GetPropertyList(State:/Network/Global/IPv6) failed
P 472-T13335 Nov 02 23:06:37:234378 Info ( 589): failed to get PrimaryService for IPv6
P 472-T13335 Nov 02 23:06:37:234570 Debug( 493): generated route script install: /Library/Logs/PaloAltoNetworks/GlobalProtect//network/config/rt-install.sh, uninstall: /Library/Logs/PaloAltoNetworks/GlobalProtect//network/config/rt-uninstall.sh
P 472-T13335 Nov 02 23:06:37:234589 Debug(1139): Generate remote host access route to ipv4 gateway: 10.10.24.1
P 472-T775   Nov 02 23:06:37:242076 Debug( 312): receive sig 20
P 472-T775   Nov 02 23:06:37:247519 Debug( 312): receive sig 20
P 472-T13335 Nov 02 23:06:37:247545 Debug( 264): Default gateway: 10.10.20.1
P 472-T775   Nov 02 23:06:37:255579 Debug( 312): receive sig 20
P 472-T13335 Nov 02 23:06:37:255609 Debug(1066): add default route
P 472-T775   Nov 02 23:06:37:260421 Debug( 312): receive sig 20
P 472-T775   Nov 02 23:06:37:265562 Debug( 312): receive sig 20
P 472-T13335 Nov 02 23:06:37:265598 Info ( 330): failed to find default gateway
P 472-T13335 Nov 02 23:06:37:265607 Error( 385): failed to find default route v6
P 472-T775   Nov 02 23:06:37:274302 Debug( 312): receive sig 20
P 472-T13335 Nov 02 23:06:37:274732 Debug( 203): interface en1 ip 1.1.1.1/255.255.255.0
P 472-T13335 Nov 02 23:06:37:274742 Debug( 794): phsical interface ip 1.1.1.1
P 472-T13335 Nov 02 23:06:37:274768 Debug( 865): Installing interface ...
P 472-T15879 Nov 02 23:06:37:286202 Debug(1374): Route change message RTM_NEWADDR: address being added to iface gpd0: 10.10.30.104
P 472-T13335 Nov 02 23:06:37:286999 Debug( 203): interface gpd0 ip 10.10.30.104/255.255.255.255
P 472-T13335 Nov 02 23:06:37:287021 Debug(1046): tunnel interface got ip 10.10.30.104
P 472-T13335 Nov 02 23:06:37:290721 Debug(  87): SCDynamicStoreSetValue(State:/Network/Service/gpd.pan/DNS) succeeded
P 472-T13335 Nov 02 23:06:37:294066 Debug(  87): SCDynamicStoreSetValue(State:/Network/Service/gpd.pan/IPv4) succeeded
P 472-T13335 Nov 02 23:06:37:303684 Debug(  87): SCDynamicStoreSetValue(State:/Network/Service/gpd.pan/IPv6) succeeded
P 472-T13335 Nov 02 23:06:37:303811 Debug( 905): Installing routes...
P 472-T13335 Nov 02 23:06:37:339267 Debug(3452): Found specific route to gateway 10.10.24.1.
P 472-T13335 Nov 02 23:06:37:339305 Debug(2250): DLSA: addrtforsave
P 472-T13335 Nov 02 23:06:37:339476 Debug(3401): DLSA: lif count is 1
P 472-T13335 Nov 02 23:06:37:339501 Debug(2278): DLSA: saveroutes to file
P 472-T13335 Nov 02 23:06:37:339506 Debug(2287): size of lar_file_header_t is 608
P 472-T13335 Nov 02 23:06:37:339511 Debug(2301): m_rts2save[0]->rtm_msglen is 124
P 472-T13335 Nov 02 23:06:37:339808 Debug( 102): pan_write_to_file(): wrote 736 of 736 bytes to file /Library/Application Support/PaloAltoNetworks/GlobalProtect/pan_lar.dat.
P 472-T13335 Nov 02 23:06:37:339821 Debug(2314): DLSA: 1/1 local access routes saved. Size 732
P 472-T13335 Nov 02 23:06:37:339826 Debug(3456): Gateway specific route is saved
P 472-T13335 Nov 02 23:06:37:339831 Debug( 321): Setting exclude routes...
P 472-T13335 Nov 02 23:06:37:339834 Debug( 334): Save route table snapshot...
P 472-T13335 Nov 02 23:06:37:339847 Debug( 423): ipsec connect(10.10.24.1) succeed
P 472-T13335 Nov 02 23:06:37:339854 Debug(7520): VPN tunnel is connected.
P 472-T13335 Nov 02 23:06:37:339858 Debug(7524): Enable life time and create life time thread.
P 472-T13335 Nov 02 23:06:37:339896 Debug(4677): --Set state to Connected
P 472-T13335 Nov 02 23:06:37:341514 Debug(7680): SetVpnStatus called with new status=1, Previous Status=0
P 472-T42007 Nov 02 23:06:37:343192 Debug(2811): LifeTimeThread starts
P 472-T13335 Nov 02 23:06:37:449605 Debug(2102): Tunnel is created with the gateway gp.com
P 472-T13335 Nov 02 23:06:37:449635 Debug(2124): tunnel to gp.com is created.
P 472-T13335 Nov 02 23:06:37:449641 Debug(3803): NetworkDiscoverThread: SetEvent network discover ready event for external network discovery.
P 472-T13335 Nov 02 23:06:37:449646 Debug( 452): Reset hip report quit event
P 472-T17675 Nov 02 23:06:37:449696 Debug(4028): HipReportThread: got network discover ready event.
P 472-T13335 Nov 02 23:06:37:449708 Debug( 487): pan_read_text_from_file(): File does not exist. File: /Users/random/Library/Application Support/PaloAltoNetworks/GlobalProtect/dalog.dat
P 472-T13335 Nov 02 23:06:37:449733 Debug(7680): SetVpnStatus called with new status=1, Previous Status=1
P 472-T13335 Nov 02 23:06:37:449746 Debug(3855): NetworkDiscoverThread: PortalStatus is 1, HasLoggedOnGateway is 1
P 472-T13335 Nov 02 23:06:37:449755 Debug(3931): Reset NetworkDiscovery waitTime to 5 seconds.
P 472-T13335 Nov 02 23:06:37:449760 Debug(3576): NetworkDiscoverThread: wait for network discover event.
P 472-T22287 Nov 02 23:06:37:449841 Debug( 203): interface en1 ip 1.1.1.1/255.255.255.0
P 472-T17675 Nov 02 23:06:37:455645 Debug( 254): There is no ipv6 interface
P 472-T17675 Nov 02 23:06:37:455738 Debug( 254): There is no ipv6 interface
P 472-T17675 Nov 02 23:06:37:455781 Debug( 203): interface en1 ip 1.1.1.1/255.255.255.0
P 472-T17675 Nov 02 23:06:37:455889 Debug( 254): There is no ipv6 interface
P 472-T17675 Nov 02 23:06:37:455962 Debug( 254): There is no ipv6 interface
P 472-T17675 Nov 02 23:06:37:456033 Debug( 254): There is no ipv6 interface
P 472-T775   Nov 02 23:06:37:456316 Debug( 312): receive sig 20
P 472-T17675 Nov 02 23:06:37:456678 Debug(4059): Sending hip report delay max registry setting is -1 seconds
P 472-T17675 Nov 02 23:06:37:456686 Debug(4061): Set max sending hip report delay to default 1800 seconds
P 472-T17675 Nov 02 23:06:37:456729 Debug(4076): hip report is encoded
P 472-T17675 Nov 02 23:06:37:456754 Debug(4098): HIP report md5 digest is 597b3971c9e9d7622a5fdfb4b846ef2
P 472-T17675 Nov 02 23:06:37:456765 Debug(4125): HipReportThread: network type is external network.
P 472-T17675 Nov 02 23:06:37:456819 Debug(3843): Entering SendHipReportToGateway(). Gateway: gp.com
P 472-T17675 Nov 02 23:06:37:456825 Debug( 771): m_bScheduleFlag is 0
P 472-T17675 Nov 02 23:06:37:456829 Debug( 781): m_bScheduleFlag is set to 1
P 472-T17675 Nov 02 23:06:37:456833 Debug(3867): Gateway gp.com: now is 1509663997, next hip checking is 0, next hip report check sending time is 0, last hip report check sending time is 0, sending hip delay is 0 ms
P 472-T17675 Nov 02 23:06:37:456838 Debug(3884): Wait for 0 ms to send hip report check to gateway gp.com
P 472-T17675 Nov 02 23:06:37:456846 Debug(3897): Time to send hip report to gateway gp.com
P 472-T17675 Nov 02 23:06:37:456914 Debug(2365): Gateway: gp.com, client IP: 1.1.1.1
P 472-T17675 Nov 02 23:06:37:456949 Debug(3914): Hip report head to gateway gp.com is
<?xml version="1.0" encoding="UTF-8"?>
<hip-report>
	<md5-sum>597b3971c9e9d7622a5fdfb4b846ef2</md5-sum>
	<user-name test</user-name>
	<domain></domain>
	<host-name>test</host-name>
	<host-id>10:dd:b1:cc:54:c0</host-id>
	<ip-address>10.10.30.104</ip-address>
	<ipv6-address></ipv6-addres
P 472-T17675 Nov 02 23:06:37:456955 Debug(4053): SendHipReportNReceive()
P 472-T17675 Nov 02 23:06:37:456977 Debug(4075): bUseCCUser=0, ccUserName=, m_userName test
P 472-T17675 Nov 02 23:06:37:456982 Debug(4078): using https to send hip report check to gateway gp.com
P 472-T17675 Nov 02 23:06:37:456989 Debug(4114): Network discover SN 14 remains same.
P 472-T17675 Nov 02 23:06:37:457125 Debug( 693): SSL connecting to 10.10.24.1
P 472-T17675 Nov 02 23:06:37:496758 Debug(1202): SSL3 alert write:warning:close notify
P 472-T17675 Nov 02 23:06:37:496874 Debug(4127): Gateway gp.com, response to the hip report check:

	<response status="success">
		<hip-report-needed>yes</hip-report-needed>
		<delay>0</delay>
	</response>

P 472-T17675 Nov 02 23:06:37:496883 Info (4129): sent HIP report check to gp.com.
P 472-T17675 Nov 02 23:06:37:497310 Debug(4157): Response status of HIP report check is success, gateway gp.com
P 472-T17675 Nov 02 23:06:37:497328 Debug(4159): Hip report check returns success.
P 472-T17675 Nov 02 23:06:37:497336 Debug(3928): SendHipReportNReceive returns TRUE for gateway gp.com
P 472-T17675 Nov 02 23:06:37:497343 Debug(3942): Hip notification is empty in the HIP report check response from gateway gp.com
P 472-T17675 Nov 02 23:06:37:497367 Info (3952): Hip report is  needed for gateway gp.com.
P 472-T17675 Nov 02 23:06:37:497379 Info (3965): Send hip report to gateway gp.com.
P 472-T17675 Nov 02 23:06:37:497400 Debug(4053): SendHipReportNReceive()
P 472-T17675 Nov 02 23:06:37:497409 Debug(4075): bUseCCUser=0, ccUserName=, m_userName test
P 472-T17675 Nov 02 23:06:37:497415 Debug(4078): using https to send hip report to gateway gp.com
P 472-T17675 Nov 02 23:06:37:497428 Debug(4114): Network discover SN 14 remains same.
P 472-T17675 Nov 02 23:06:37:497551 Debug( 693): SSL connecting to 10.10.24.1
P 472-T17675 Nov 02 23:06:37:555125 Debug(1202): SSL3 alert write:warning:close notify
P 472-T17675 Nov 02 23:06:37:555244 Debug(4127): Gateway gp.com, response to the hip report :

	<response status="success">
		<notification><hip-notification/></notification>
	</response>

P 472-T17675 Nov 02 23:06:37:555253 Info (4129): sent HIP report  to gp.com.
P 472-T17675 Nov 02 23:06:37:555745 Debug(4157): Response status of HIP report  is success, gateway gp.com
P 472-T17675 Nov 02 23:06:37:555761 Debug(4159): Hip report  returns success.
P 472-T17675 Nov 02 23:06:37:555767 Info (3968): Got hip notification from gateway gp.com.
P 472-T17675 Nov 02 23:06:37:555772 Debug(3970): Hip notification is not empty in the HIP report response from gateway gp.com. Update hip notification for the gateway.
P 472-T17675 Nov 02 23:06:37:555776 Debug(3984): SSL is disconnected. Returns TRUE.
P 472-T17675 Nov 02 23:06:37:555892 Debug(1338): SendHipReportToGateway gp.com returns TRUE.
P 472-T17675 Nov 02 23:06:37:557981 Debug(4002): HipReportThread: wait for HIP report ready event.
P 472-T22287 Nov 02 23:06:40:645086 Debug(4306): NetworkConnectionMonitorThread: m_state = 0, m_bOnDemand=1, m_bAgentEnabled=1, m_bJustResumed is 0,
 m_bHibernate is 0, m_bAgentEnabled is 1, m_bDisconnect is 0, IsConnected() is 1, IsVPNInRetry() is 0.
P 472-T22287 Nov 02 23:06:40:645174 Debug( 203): interface en1 ip 1.1.1.1/255.255.255.0
P 472-T22287 Nov 02 23:06:40:651241 Debug(4322): NetworkConnectionMonitorThread: Detected route change, but skip network discovery.
P 472-T22287 Nov 02 23:06:40:651262 Debug(4246): NetworkConnectionMonitorThread: route change detected. Wait for 3 seconds.
P 472-T775   Nov 02 23:06:40:651277 Debug( 312): receive sig 20
P 472-T22287 Nov 02 23:06:40:651322 Debug( 203): interface en1 ip 1.1.1.1/255.255.255.0
P 472-T775   Nov 02 23:06:40:657005 Debug( 312): receive sig 20
P 472-T22287 Nov 02 23:06:43:731002 Debug(4306): NetworkConnectionMonitorThread: m_state = 0, m_bOnDemand=1, m_bAgentEnabled=1, m_bJustResumed is 0,
 m_bHibernate is 0, m_bAgentEnabled is 1, m_bDisconnect is 0, IsConnected() is 1, IsVPNInRetry() is 0.
P 472-T22287 Nov 02 23:06:43:731083 Debug( 203): interface en1 ip 1.1.1.1/255.255.255.0
P 472-T22287 Nov 02 23:06:43:736043 Debug(4322): NetworkConnectionMonitorThread: Detected route change, but skip network discovery.
P 472-T775   Nov 02 23:06:43:736068 Debug( 312): receive sig 20

 

 

@DonohoeRobertHi. I tried almost everything that you told me to check with success, the client still doesn't connect. I did not try hip though, as I'm not sure what it is, same with the filters, don't know where to apply them.

Hi K.Arne,

 

I am unable to get the GP working, but I believe it is because of the version of GP. Just a little background, I am getting the following error...

 

P21190-T775 May 31 12:57:01:266728 Info ( 146): ####################### Start PanGPS service (ver: 2.2.0-48) #######################
P21190-T775 May 31 12:57:01:266960 Info ( 147): Debug level is 4
P21190-T775 May 31 12:57:01:267019 Info ( 148): User is "UserNameHere", home is /var/empty, login is "UserNameHere"
P21190-T775 May 31 12:57:01:272807 Info ( 56): Shared user defaults: "UserNameHere", <NSUserDefaults: ###########>

P21190-T775 May 31 12:57:01:275739 Info ( 69): Shared global defaults: <NSUserDefaults: ###########>

P21190-T775 May 31 12:57:01:280606 Info ( 538): User Switch Monitor init finished
P21190-T775 May 31 12:57:01:280639 Info ( 195): Couldn't obtain debug level from settings
P21190-T775 May 31 12:57:01:281052 Info ( 201): PrelogonEnabled is 0
P21190-T775 May 31 12:57:01:281115 Info ( 493): cannot open /var/run/PanGPS.pid, assume no old instance running
P21190-T21511 May 31 12:57:01:281203 Info ( 656): debug threstarts
/Applications/GlobalProtect.app/Contents/Resources/pangpd_10.9.ad kext failed to load - (libkern/kext) not loadable (reason unspecified); check the system/kernel logs for errors or try kextutil(8).
P21190-T775 May 31 12:57:01:282835 Info ( 34): Mac OS X 10.13.4
P21190-T775 May 31 12:57:01:836409 Error( 66): Cannot initialize driver: 1
P21190-T775 May 31 12:57:01:836429 Info ( 455): Start main thread run loop.
P21190-T775 May 31 13:11:58:599070 Info ( 292): receive sig 15
P21190-T775 May 31 13:11:58:599092 Info ( 237): Stop PanGPS
P21190-T21511 May 31 13:11:58:625221 Info ( 662): debug thread ends
P21190-T775 May 31 13:11:58:699385 Info ( 457): Main thread run loop stopped.
P21190-T775 May 31 13:11:58:712236 Info ( 463): killServiceEvent is signaled
P21190-T775 May 31 13:11:58:712677 Info ( 484): PanGPS stops

 

Based on this outcome I further searched in PA Support site and it turns out that for High Sierra (Mac OS 10.13.x) you need to use GP version 4.0.3 or later (https://www.paloaltonetworks.com/documentation/global/compatibility-matrix/globalprotect/where-can-i...

 

Do you still encounter this issue with the new GP version?

 

Thank you,

Gustavo


logs file

P7372-T515 Apr 08 16:01:22:817298 Debug( 167): IsDaemon is 0
P7372-T515 Apr 08 16:01:22:817609 Debug( 388): Console gid is 20
P7372-T515 Apr 08 16:01:22:817661 Debug( 413): Changed owner and mode of /Library/Logs/PaloAltoNetworks/GlobalProtect/PanGPS.log
P7372-T515 Apr 08 16:01:22:817692 Debug( 413): Changed owner and mode of /Library/Logs/PaloAltoNetworks/GlobalProtect/PanGPInstall.log
P7372-T515 Apr 08 16:01:22:817774 Info ( 719): Migrate settings
P7372-T515 Apr 08 16:01:22:842930 Debug( 206): setreuid to 502
P7372-T515 Apr 08 16:01:22:843740 Info ( 585): User Switch Monitor init finished
P7372-T515 Apr 08 16:01:22:843756 Info ( 219): Couldn't obtain debug level from settings
P7372-T515 Apr 08 16:01:22:843796 Info ( 227): PrelogonEnabled is 0
P7372-T515 Apr 08 16:01:22:843853 Info ( 504): cannot open /var/run/PanGPS.pid, assume no old instance running
P7372-T12555 Apr 08 16:01:22:843919 Info ( 684): debug thread starts
P7372-T515 Apr 08 16:01:22:846031 Debug( 116): pan RAND init fips...
P7372-T515 Apr 08 16:01:22:846954 Info ( 153): DRBG selftest: PASSED
P7372-T515 Apr 08 16:01:23:66052 Error( 60): install driver failed
P7372-T515 Apr 08 16:01:23:66074 Info ( 502): Start main thread run loop.


  • 17830 Views
  • 14 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!