globalprotect on windows 7

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

globalprotect on windows 7

L4 Transporter

I had an odd thing happen today, I could not get GP version 4.0 to work on a windows 7 install for a users, though I am using it on my personal pc at home

18 REPLIES 18

L7 Applicator

When you say.." To work"..... What part....

did it install ?

is the service running ?

or is it just failing to connect?

@Mick_Ball

 

It installed fine, wouldn't connect because a cert error

Are you talking about a user auth cert. If so i had a similar issue yesterday. I was renewing our ipad device ca cert and tested it it on my win7 pc which has v4 and has worked since it was upgraded. But the new cert works on an ipad but not the win7 pc. 

 

My portals are available to all OS. Was off today so will test again tomorrow and post findings, please do the same if resolved.

 

mick.

FYI. I did enter the url for our vpn in ie (https://) and reached the portal login page but still got client cert error. Perhaps you could test this as this will prove a win7 issue and not GP. (Or not).

sorry, false alarm... my win7 laptop was still using another portal that did not have the new root CA installed.

@Mick_Ball

 

My portal is also set to recieve all OS's and it did work with the older version of GP 2.0.48 I believe. 

@Mick_Ball

 

Its just so weird that my one at home, though a homer version of windows 7 works over the users windows 7 professional version. As I mentiioned I got it to work with an older version of GP but it doesn't make sense

Ah, "just so wierd", "doesn't make sense" these are expressions used by myself on a regular basis when PA's are involved...

 

i know that doesn't help but couldn't resist...

 

so... for the record...

 

i assume we are talking about an auth or device cert, not the VPN portal url cert?

did you try https via web browser?

have you restared the PAN agent on device?

 

also... it may be worth uninstalling the V4 and removing all GP stuff under /windoze/prog files/palo alto folder.

I have no idea if this would help but may be worth a bash.

 

also... quite a jump from 2 to 4. i went from 3.1.4 to 4 so may be worth trying a lower version.

sorry, cutching straws here...

@jdprovine,

So there was also a pretty big change on both upgrades but I think you are likely running into the following:

4.0 changes it so that the GlobalProtect agent no longer allows the user to continue in the event the server certificate verification failed. Instead it will reach the information in the cache configuration to connect directly to the gateway; likely why the upgraded agents are working and the new agent is not. 

 

Have you verified that the end-user device actually trusts the certificate on the portal? If it doesn't then that will simply be your issue and the user needs to add it to their trusted certificate store. Older versions of GP this doesn't really matter if you've configured the Agent to allow the client to connect anyway. 

 

@BPry

 

I verified that he was able to download and install the cert but it didn't fix the issue.  I also installed the older one, and verified that it worked, then upgraded to 4 and it broke it.  The weirdest thing is I upgraded on my window 7 at home to 4 and had no issue. The only differences between me and him is I have windows 7 home, he had window 7 pro and his laptop was encrypted

ok but could you just confirm what happens when you enter https://(your portal address) into the web browser on the users PC.

@Mick_Ball

 

That just takes me to the login to download the GP agent install

Yes its supposed to but it was to test if you get the cert error on the users pc, did you try this on your win7 home.

if yes then as expected, no cert errors.....

but is it the same from the user win7 pro device.

 

 

@Mick_Ball

 

I appear to get the cert error going to the portal address from any machine I use going to the portal address even on the ones it works on

  • 5078 Views
  • 18 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!