Hi All,
I have an issue where we need to input <firewall IP Address>:443 in order to connect. But some of my users does not require the :443 to connect to the VPN.
Screenshot as shown below,
Any way that i dont even require :443 to be connected to the VPN?
@Kevin-Ng wrote:
Hi All,
I have an issue where we need to input <firewall IP Address>:443 in order to connect. But some of my users does not require the :443 to connect to the VPN.
Screenshot as shown below,
Any way that i dont even require :443 to be connected to the VPN?
Why are you defining the port in your portal config? You shouldn't need to. Using tcp port 443 is a part of the normal inherent configuration of the Global Protect VPN service. You should only be putting in the resolvable FQDN of your portal. Natively the connection will use tcp/443 or if configuration in your config IPSec as a primary option.
Also review your security policy and make sure you aren't blocking the tcp/443 connection for some of these users.
@BPry wrote:
You don't mention what version of GlobalProtect this is being seen on, what version have you encountered this issue with? When you say that you don't run into issues with some users but you do with others, what's the actual counts here? Is it that one user is running into issues but nobody else is, or is it 50% of staff is running into issues?
When you encounter the issue with a user what troubleshooting are you doing? Do you see traffic being denied from their public IP, do you see the connection attempt being made at all? What do you see in the PanGPS logs on the client?
Some good points. I noticed the old UI of the GP client. It would have to be something under 6.X. Unless he's running something other than 5.1 the code isn't even supported. It might be worth upgrading the GP client version to a 6.X version. For us 6.0.10 is stable, not sure if that would work in the OPs enviornment:
