11-07-2011 02:10 AM
Hello to everyone,
I migrate my PAN 500 from 4.0.7 to 4.1.0, with previously configured SSL-VPN which was operational. After migrating to new FW, SSL-VPN migrated to Global Protect portal with all configured settings and with new GP client to end nodes, but new GP client can't connect to gateway.
I troubleshoot a while and from client side (protocol error picture) have error, can't connect to ssl, check server certificate and protocol error message.
When I'm trying https to my gateway address from browser, I'm permitted to connect to portal and gain client download page. Only during this process PAN system logging this, but attempts from GP client was not logged neither.
Is there someone with same issue and solution?
11-08-2011 12:45 AM
Dwalter, please keep us informed about support response...
11-08-2011 01:09 AM
Looks like I have the same problem.
Portal https webside is not comming up. In Monitor traffic to port 443 dosn't show up at all.
On a second firewall everything is working like expected, but there wasn't a ssl vpn client installed before the upgrade.
since configurating globalprotect i have this messages in the system log.
2011/11/07 09:47:38info general general 0 File zeroization error: No such file or directory
2011/11/07 09:47:38info general general 0 File zeroization error: No such file or directory
2011/11/07 09:47:38info general general 0 File zeroization error: No such file or directory
2011/11/07 09:47:38info general general 0 File zeroization error: No such file or directory
2011/11/07 09:47:39info general general 0 File zeroization error: No such file or directory
2011/11/07 09:47:39info general general 0 File zeroization error: No such file or directory
2011/11/07 09:47:39info general general 0 File zeroization error: No such file or directory
2011/11/07 09:47:39info general general 0 File zeroization error: No such file or directory
2011/11/07 09:48:07info routing routed- 0 Route daemon configuration load phase-2 succeeded.
11-08-2011 06:28 AM
Well it seems we may have had two separate issues. I was getting the SSL issues, but rekeyed my cert from Digicert and it seemed that issue went away. However, I think I found an issue where if Windows 7 network discovery is disabled, the client won't connect. When I used my home pc (non-domain) to test the vpn it connected just fine, yet my domain machines (all Win 7) tried to connect they'd fail. I had a GPO that disabled network discovery on non-domain networks. Once I enabled it again, it seemed to allow the clients to connect again.
11-11-2011 12:46 AM
Nothing new! I straggling with this GlobalProtect almost a week, but nothing. Always the same from the client side (can’t connect to ssl, protocol error, check server certificate). I reissue new server certificate, configuring from zero GP portal and gateway, trying various configuration regarding documentation, but still the same. Is there mandatory configuring HIP clients and profiles, prior to configure GP portal and gateway?
Anyone have PAN 500 platform and operational GP clients and gateway?
11-21-2011 06:21 AM
I had the same issue, Netconnect worked fine but after the upgrade to 4.1 I was only able to get a single machine to make the VPN connection using Globalprotect. I spent about 2+ hours with tech support Friday trying to get it working. I showed them how I was able to connect with one machine but no others and they apparently couldn't discover anything from the logs. The last suggestion they made was to make sure I installed the Globalprotect client using an admin account, that didn't help. I finally decided to come in over the weekend and roll everything back to 4.07. Now things are working again, except for the cleanup of clients on user machines that tried the switch to Globalprotect. With the holiday coming and people leaving town, I couldn't leave our system setting with a VPN connection that didn't work.
I really liked the 4.1 GUI changes but I'm not sure it's ready for "prime time". I also noticed that sometimes the GUI would stall when I changed screens and the help link wasn't working.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
