09-26-2024 02:53 PM
AT&T has provided our users with virtual machines using VMware Horizon Client. However, when in the office, our users cannot connect to their VDI machine. However, when external, using our GlobalProtect VPN, they connect successfully.
Error: Loading Failed
VDPCONNECT_CONNECT_TLS: The connection to the gateway or the remote computer could not be established because of a TLS error. This could be due to a TLS handshake failure, a certificate check failure or other related errors. If the issue persists, please contact your system administrator."
We are using PA-220 in this office location and are on Panorama 10.2 . Googling the error points to me having to allow or set up VDI connections in the firewall?
May I get direction on how to do this or how to check it please?
09-26-2024 03:44 PM
Hi @RDominguez ,
I would check the monitor tab and view traffic between your internal network and the VDI environment. What do the logs look like? Are you seeing the traffic being allowed? If you click into the advanced details, do you see see bytes being sent and returned?
I would verify you have the proper security policies created to allow connectivity from your internal network to the VDI as well. You mentioned this connection works while connected to GP. Is split-tunnel setup to where all traffic to internal resources are tunneled and external traffic does not go through the VPN? This could be a reason why GP clients are able to connect to the VDI environment.
09-26-2024 08:00 PM
You can check your SSL decryption logs if you have enabled SSL decryption. And try to exclude the same for testing. If that resolved the problem you can further dig into SSL decryption part. But SSL Decryption is recommended so, only exclude the minimal number of system and verify.
10-10-2024 08:49 AM
thats the crux of the issue, not quite sure how to do that? About to start my Panorama learning journey next week, but in the meantime, we've had this issue for months..
I log into Panoram, I click Monitor tab > traffic > then how do I narrow my search down?
I have it down to this specific office location in my search"
( device_name eq 'off2-ngfw1' )
but from the monitor > traffic tab how do I narrow it down further?
Or is there a better way to do so?
p.s. how would you recommend to me as the best method of learning the Panorama Firewall system from Palo Alto as a total green horn?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
