07-30-2014 05:48 PM
Hi all -- I just noticed an odd behavior affecting all GP clients (running on PA200, PANOS 6.0.3, GP Client 2.0.3), but I haven't changed anything recently.
In looking at the System log, I see users connecting successfully ('portal user auth succ', 'portal client config gen', 'gateway user auth succ', 'gateway user login succ', 'gateway client config gen').. But then there's a 'gateway client switch to SSL tunnel mode', and 30secs later, there's a 'gateway client config release', and 'user logout succeeded'. All connections up until today have used IPSec, and for whatever reason, SSL sessions logout immediately (because we don't have a certificate?)..
Could this be a network issue? We've been having issues with out internet provider lately, and pings are averaging around 60ms from the public side, tho that doesn't seem slow. Is there anything I could check internally?
Any help is much appreciated. Thanks
07-30-2014 11:53 PM
Hi Thatguy
Please read this topic How GP selects between SSL and IPSEC?
As mentioned You can forse IPSEC mode - try and let us know how its working.
Of course please try to connect from local networks - is it working?
Maybe Your ISP filtering IPSEC - ask them.
Regards
Slawek
07-31-2014 03:04 AM
Could you post the log message the Palo Alto generates on the firewall logs when the client disconnects?
07-31-2014 06:26 AM
Here is the same set of msgs that get logged for every user now. Prior to yesterday, we would get the same set of msgs, except for the switch to SSL. Since that started, users are immediately logged out.
08-01-2014 06:13 AM
The universal solution to computer problems, reboot.
But a little disappointing that there is not a clearer logging on a problem. these look like normal sessions.
04-29-2015 05:40 AM
Hello,
I was facing the same issue and i was seeing the same logs on the PA device.
HA cluster PA500
PANOS 6.0.3
GP: 2.0.4
I have hard rebooted the devices but it did not solve the issue.
I had to install the new version of GP: 2.2 to solve this problem. And now i am able to connect in an instant way and without any issue.
Regards,
Phfa
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
