GlobalProtect without license on 4.1.1

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect without license on 4.1.1

L2 Linker

I have a problem with global protect without license i have configured it as in tech notes says, but when i commit i get the following message.

•Warning: No valid GlobalProtect portal license!(Module: useridd)

When i launch Global Protect Client it not connets.

In GlobalProtect Client I get the following Logs.

(T4988) 01/13/12 15:36:45:998 Error(8084): gethostbyname failed: 11004, host  84.88.XXX.XXX

(T6984) 01/13/12 15:36:48:250 Error( 281): Server Error: Connect to  84.88.XXX.XXX:443 Failed

(T6984) 01/13/12 15:36:48:250 Error( 135): do_tcp_connect()

(T6984) 01/13/12 15:36:48:250 Error(3664): ConnectSSL: Failed to connect to ' 84.88.XXX.XXX:443'. Disconnect ssl.

(T4988) 01/13/12 15:36:48:299 Error(6788): NetworkDiscoverThread: failed to discover external network.

And in System Monitor of PAN device i got the following filtering by ( subtype eq globalprotect )

subtype : globalprotect

severity: informational

Event: globalprotectportal-config-succ

Object: portal-tunnel.1

Description: GlobalProtect portal client configuration generated. Login from: 213.97.XXX.XXX, User name: user1, Config name: default-user-config.

subtype :globalprotect

severity: informational

Event: globalprotectportal-auth-succ

Object: portal-tunnel.1

Description: GlobalProtect portal user authentication succeeded. Login from: 213.97.XXX.XXX, User name: user1.

No news from Gateway.... Your help will be apreciated.

Thanks in advance.

Albert

7 REPLIES 7

L4 Transporter

Hi Albert,

I only remember to have seen this message if you have more than 1 IP address defined on the GlobalProtect Portal definition or if you have an internal IP address defined.

Or if you defined HIP profiles.

Also you cannot download/configure the GlobalProtect Data File Dynamic Update Schedule.

Can you check please?

Cheers,

Stijn.

Now there is no license error but the vpn-ssl does not connect.

I have only one portal with only one IP address and I have no Internal Gateway only an External Gateway. Also I have not HIP profiles.

Hi,

If you have only 1 external IP, no HIP and no GlobalProtect Data File updates, you should not see the license warning I believe.

If still seen, please open a TAC case.

---

Regarding the gateway error connection.  You don't use NAT and if yes, not on a port different than 443?

Normally I would say to use the same IP for the Portal and Gateway definition, reachable on port 443.

Also make sure not to have any 'spaces' in the name of any of the GlobalProtect configurations.

If not working, please open a TAC case as well.

You also might want to check this post: https://live.paloaltonetworks.com/docs/DOC-1666

Cheers,

Stijn.

Hi,

I couldn't open following document.

Why?

https://live.paloaltonetworks.com/docs/DOC-1666

Mt.10

L4 Transporter

Hi,

Might this issue have been yours?

  • 34469 – Incorrectly receiving the warning message “No valid GlobalProtect portal license” and “No valid GlobalProtect gateway license” when committing the configurations. Issue occurred when a translated SSL VPN was created by the 4.0 to 4.1 upgrade, so the portal/gateway configuration is valid and the errors should not be displayed.

If yes, please upgrade to v4.1.2 released last night.

Regards,

Stijn.

L3 Networker

We had this same issue.  We are staying away from 4.1.1 and 4.1.2 until further bugs get cleaned up.  Also, when we upgraded to 1.1.1 GlobalProtect client and software 4.1.2, GlobalProtect would get caught up "Connecting" and would not connect.  We have reverted to 4.0.5 and 1.0.5 and everything works the way that it should.

L3 Networker

Up the case


Im with the same problem , my version is 4.1.6


Best Regards


Thiago Lima.

  • 6350 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!