GP gateway drops to SSL and client gets disconnected..?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GP gateway drops to SSL and client gets disconnected..?

L2 Linker

Hi all -- I just noticed an odd behavior affecting all GP clients (running on PA200, PANOS 6.0.3, GP Client 2.0.3), but I haven't changed anything recently.

In looking at the System log, I see users connecting successfully ('portal user auth succ', 'portal client config gen', 'gateway user auth succ', 'gateway user login succ', 'gateway client config gen').. But then there's a 'gateway client switch to SSL tunnel mode', and 30secs later, there's a 'gateway client config release', and 'user logout succeeded'.  All connections up until today have used IPSec, and for whatever reason, SSL sessions logout immediately (because we don't have a certificate?)..

Could this be a network issue?  We've been having issues with out internet provider lately, and pings are averaging around 60ms from the public side, tho that doesn't seem slow.  Is there anything I could check internally? 

Any help is much appreciated. Thanks

6 REPLIES 6

L4 Transporter

Hi Thatguy

Please read this topic How GP selects between SSL and IPSEC?

As mentioned You can forse IPSEC mode - try and let us know how its working.

Of course please try to connect from local networks - is it working?

Maybe Your ISP filtering IPSEC - ask them.

Regards

Slawek

L7 Applicator

Could you post the log message the Palo Alto generates on the firewall logs when the client disconnects?

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Here is the same set of msgs that get logged for every user now.  Prior to yesterday, we would get the same set of msgs, except for the switch to SSL.  Since that started, users are immediately logged out. 

pa200.jpg

L2 Linker

Apparently, this was a non-issue.  I had to do a hard reboot of the PA200 and suddenly the IPSec tunnel was fine.  Just weird.  Thanks for the replies anyway.

The universal solution to computer problems, reboot.

But a little disappointing that there is not a clearer logging on a problem.  these look like normal sessions.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L0 Member

Hello,

I was facing the same issue and i was seeing the same logs on the PA device.

HA cluster PA500

PANOS 6.0.3

GP: 2.0.4

I have hard rebooted the devices but it did not solve the issue.

I had to install the new version of GP: 2.2 to solve this problem. And now i am able to connect in an instant way and without any issue.

Regards,

Phfa

  • 7025 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!