I've been having this wierd issue with GLobalprotect for almost 3 months staraight with no possible way to fix it. I will connect to my company's SSL VPN with the Globalprotect client, and I have no issues connecting. The issue comes usually about an hour after I am connected. All of a sudden, sessions will cease to exist. I'm still connected to the VPN, but now my Outlook is diconnected, I can't ping 18.104.22.168, and my IM client can't connect at all.
From what I'm told from TAC, the HIP checks that we have in place to make sure it is a company laptop and not a BYOD device, is timing out. It scans at initial login, and does a follow up scan later, which is where I run into this issue. It times out for almost 20 minutes before regaining access to the network again. Alternatively, I can force it to come back by opening the client, and clicking the Resubmit Host Profile button, and about 30 seconds later we're back in business.
We used to have a bunch of HIP objects including Host Info, Custom check, Antivirus, Windows OS Patches, SCEP. Over the last 2 months I have taken all but the host info and custom check out of the system, and I still have this issue. It's not just me either, 2 other users out of 6 have complained about it.
I've often wondered if maybe our PA3020's are just FUBAR, or if there is something bigger at play going on. Coming from using Cisco ASA's extensively and using Anyconnect, I couldn't recommend Globalprotect to anyone right now. Has anybody else had any similar issues???
We're using PA3020s with PAN OS 8.1.6.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!