This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

GP users are getting denied random times

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GP users are getting denied random times

GeorgiosFakis
L3 Networker

‎11-27-2019 04:57 AM

I have global protect v5.0.5 deployed to all Corporate Windows and some users reported that when they work everything stop to work and suddenly after 5-10 minutes is back again without disconnecting them from the global protect .This happen random times and not always .I have a user though that he reports that every day for the last week .

 

Palo Alto version is 8.1.11 VM-300 and GP agent 5.0.5 on a Windows 10.

 

I can see from the logs user is working fine in one server , then traffic getting blocked and can see only traffic log but not threat etc. 

 

I am allowing based on the IP and the Zone and destination is any app any service .

HIP looks fine and agent is sending the report every hour .

 

Today this happened to a user connected 7 am and stopped working around 10am for 5 minutes .In the logs I can see HIP reports were send before and after the incident and user-id was reported that was learned from the AD .

 

I can see from the logs if that is helping that user is not written and after working is written . Is that related to USER-ID where I need to exclude the IP pools from the GP on the USER-ID ?

23 REPLIES 23

MickBall
L7 Applicator
In response to GeorgiosFakis

‎11-28-2019 03:34 AM

I would extend that to 480 (8 Hours)

I have mine set to 24 hours but for some thats too long.

 

4 Hours may be OK.   but try  8 and reduce if needs be.

MickBall
L7 Applicator
In response to GeorgiosFakis

‎11-28-2019 03:41 AM

also use....:-

 

show user ip-user-mapping  all

 

this will display all known users to IP address and when the expire

0 Likes Likes

GeorgiosFakis
L3 Networker
In response to MickBall

‎12-05-2019 01:06 AM

Hi

 

I have done this but again user reported that next day . 

 

I got debugging logs from user and I see it's an issue on HIP report that timed out . I have opened a case with Palo Alto and waiting their availability to check it .

0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to GeorgiosFakis

‎12-05-2019 08:37 AM - edited ‎12-05-2019 08:38 AM

Keep us posted on this.

Lets see what PA says?

 

Surprise Hip report can cause this issue

MP
0 Likes Likes

GeorgiosFakis
L3 Networker
In response to MP18

‎12-06-2019 12:33 AM

PA released version 5.0.6 that fix some HIP issues. Now for the case I have they are still reviewing the files I sent them .

 

From what I see is that :

 

 (T20032) 11/28/19 11:18:03:568 Debug(4477): Send hip report check failed

 

I have increased the timeout to 1 day for the HIP report from 3 hours that was set.I will keep you posted .

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks