Help Allowing VDI Connections

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Help Allowing VDI Connections

L1 Bithead

AT&T has provided our users with virtual machines using VMware Horizon Client.  However, when in the office, our users cannot connect to their VDI machine.  However, when external, using our GlobalProtect VPN, they connect successfully.

 

Error: Loading Failed​
VDPCONNECT_CONNECT_TLS: The connection to the gateway or the remote computer could not be established because of a TLS error. This could be due to a TLS handshake failure, a certificate check failure or other related errors. If the issue persists, please contact your system administrator."

We are using PA-220 in this office location and are on Panorama 10.2 . Googling the error points to me having to allow or set up VDI connections in the firewall? 

May I get direction on how to do this or how to check it please?

3 REPLIES 3

Community Team Member

Hi @RDominguez ,

 

I would check the monitor tab and view traffic between your internal network and the VDI environment. What do the logs look like? Are you seeing the traffic being allowed? If you click into the advanced details, do you see see bytes being sent and returned? 

I would verify you have the proper security policies created to allow connectivity from your internal network to the VDI as well. You mentioned this connection works while connected to GP. Is split-tunnel setup to where all traffic to internal resources are tunneled and external traffic does not go through the VPN? This could be a reason why GP clients are able to connect to the VDI environment. 

 

 

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

L3 Networker

You can check your SSL decryption logs if you have enabled SSL decryption. And try to exclude the same for testing. If that resolved the problem you can further dig into SSL decryption part. But SSL Decryption is recommended so, only exclude the minimal number of system and verify.

Edsnow

thats the crux of the issue, not quite sure how to do that? About to start my Panorama learning journey next week, but in the meantime, we've had this issue for months.. 

I log into Panoram, I click Monitor tab > traffic > then how do I narrow my search down?

 

I have it down to this specific office location in my search"

( device_name eq 'off2-ngfw1' )

 

but from the monitor > traffic tab how do I narrow it down further? 

 

Or is there a better way to do so? 

 

 

p.s. how would you recommend to me as the best method of learning the Panorama Firewall system from Palo Alto as a total green horn? 

  • 907 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!