01-13-2012 06:51 AM
I have a problem with global protect without license i have configured it as in tech notes says, but when i commit i get the following message.
•Warning: No valid GlobalProtect portal license!(Module: useridd)
When i launch Global Protect Client it not connets.
In GlobalProtect Client I get the following Logs.
(T4988) 01/13/12 15:36:45:998 Error(8084): gethostbyname failed: 11004, host 84.88.XXX.XXX
(T6984) 01/13/12 15:36:48:250 Error( 281): Server Error: Connect to 84.88.XXX.XXX:443 Failed
(T6984) 01/13/12 15:36:48:250 Error( 135): do_tcp_connect()
(T6984) 01/13/12 15:36:48:250 Error(3664): ConnectSSL: Failed to connect to ' 84.88.XXX.XXX:443'. Disconnect ssl.
(T4988) 01/13/12 15:36:48:299 Error(6788): NetworkDiscoverThread: failed to discover external network.
And in System Monitor of PAN device i got the following filtering by ( subtype eq globalprotect )
subtype : globalprotect
severity: informational
Event: globalprotectportal-config-succ
Object: portal-tunnel.1
Description: GlobalProtect portal client configuration generated. Login from: 213.97.XXX.XXX, User name: user1, Config name: default-user-config.
subtype :globalprotect
severity: informational
Event: globalprotectportal-auth-succ
Object: portal-tunnel.1
Description: GlobalProtect portal user authentication succeeded. Login from: 213.97.XXX.XXX, User name: user1.
No news from Gateway.... Your help will be apreciated.
Thanks in advance.
Albert
01-16-2012 12:02 AM
Hi Albert,
I only remember to have seen this message if you have more than 1 IP address defined on the GlobalProtect Portal definition or if you have an internal IP address defined.
Or if you defined HIP profiles.
Also you cannot download/configure the GlobalProtect Data File Dynamic Update Schedule.
Can you check please?
Cheers,
Stijn.
01-17-2012 06:26 AM
Now there is no license error but the vpn-ssl does not connect.
I have only one portal with only one IP address and I have no Internal Gateway only an External Gateway. Also I have not HIP profiles.
01-17-2012 01:19 PM
Hi,
If you have only 1 external IP, no HIP and no GlobalProtect Data File updates, you should not see the license warning I believe.
If still seen, please open a TAC case.
---
Regarding the gateway error connection. You don't use NAT and if yes, not on a port different than 443?
Normally I would say to use the same IP for the Portal and Gateway definition, reachable on port 443.
Also make sure not to have any 'spaces' in the name of any of the GlobalProtect configurations.
If not working, please open a TAC case as well.
You also might want to check this post: https://live.paloaltonetworks.com/docs/DOC-1666
Cheers,
Stijn.
01-18-2012 04:19 AM
Hi,
Might this issue have been yours?
34469 – Incorrectly receiving the warning message “No valid GlobalProtect portal license” and “No valid GlobalProtect gateway license” when committing the configurations. Issue occurred when a translated SSL VPN was created by the 4.0 to 4.1 upgrade, so the portal/gateway configuration is valid and the errors should not be displayed.
If yes, please upgrade to v4.1.2 released last night.
Regards,
Stijn.
01-21-2012 07:08 AM
We had this same issue. We are staying away from 4.1.1 and 4.1.2 until further bugs get cleaned up. Also, when we upgraded to 1.1.1 GlobalProtect client and software 4.1.2, GlobalProtect would get caught up "Connecting" and would not connect. We have reverted to 4.0.5 and 1.0.5 and everything works the way that it should.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
