GlobalProtect with Vodafone and Telecom

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GlobalProtect with Vodafone and Telecom

L0 Member

One of our Colleagues isn't able to connect from his home in Germany to our Gateway in Switzerland when using the GlobalProtect Client (V. 5.1.0-75) when using either his Home Internet Connection (via WiFi) nor when using a Mobile Hotspot (Vodafone Mobile on iPhone), are there any Limitations or issues known with this Combination?

don't mind me, just a Grease Monkey
1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

I've had an issue issue with these providers where they were offering IPv6 at the customer level and applying NAT64 once connections left their network. The additional ipv6 header was wreaking havoc on GP connectivity and we ended up needing to lower the MTU for these users to be able to get connected, might be worth checking if you have a similar issue

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

8 REPLIES 8

Cyber Elite
Cyber Elite

@HF_Martini6Hello,

 

There are no limitations as such.  What do you see in the logs on firewall ?

 

- Mayur

M

unfortunately i do not have access to any Firewall Logs or Settings, i can only see what's going on in the Logs of the Machine my Colleague is using.

don't mind me, just a Grease Monkey

Is there any chance if someone can check logs on firewall? Check if request is hitting firewall and it is getting allowed.

 

Mayur

M

i'll check with our iT Security Departement aka "the Dungeon Keepers"

don't mind me, just a Grease Monkey

L0 Member

Hi,

I have a similar issue with Global Protect with a user on Vodafone, Germany. 

Did you ever fix this ?


 

Cyber Elite
Cyber Elite

@Robert2,

You might get more traction on your question opening a new discussion. As @SutareMayur mentioned in this thread, the first place to look would be the firewall logs to ensure the traffic is evening hitting your device. 

Cyber Elite
Cyber Elite

I've had an issue issue with these providers where they were offering IPv6 at the customer level and applying NAT64 once connections left their network. The additional ipv6 header was wreaking havoc on GP connectivity and we ended up needing to lower the MTU for these users to be able to get connected, might be worth checking if you have a similar issue

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L0 Member

It turns out this was a weird MTU issue, Manually decreasing the MTU on the NIC/IP stack via powershell, fixed end to end traffic.

Thanks Reaper

  • 1 accepted solution
  • 4343 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!