Problems with GlobalProtect from China?


L1 Bithead

Hi,

 

  we have a user who spends a lot of time in China, but is having major problems getting GlobalProtect working while there.  Does anyone else have any experience running GlobalProtect out of China (to Norway, in our case), either positive or negative?

 

We're seeing tunnels sometimes going down for no apparent reason, "Failed to connect to remote host" messages on reconnect, and generally poor performance.  Most of the time the user isn't able to use GlobalProtect.

 

- Håvard

6 REPLIES

L4 Transporter

Hi,

We also have remote users in China. They don't have problems at all...

If (just sometimes) they have problems connecting, it is because of the Great Firewall of China: latency issues and it trying to decrypt SSL connections.

Workaround: wait or try another portal.

Check what the latency from the client is, use a newer version of GP, and ensure a non-decrypted connection...

We currently have only one portal (and one gateway), so trying another isn't an option.  However, it was suggested to me to try running a PAN-OS VM in AWS (Singapore), which might bypass some of the issues with the Chinese firewall.  I'll see if I can try it this month.

I notice this old thread, but would like to comment on it and maybe get more replies. 

We have hosted GlobalProtect in China with mixed results. It used to work on a Verizon line, but since we switched to China Telecom it is not working. It seems like the problem is the SSL connection, and that SSL requests are not even reaching the portal/gateway.

 

Hi @goran.katava,

 

Are you sure that you are using the GlobalProtect in SSL mode and not in IPsec mode?

 

In the past I had issues with IPsec-based RA VPN (on another firewall vendor) for users connecting from China, and the solution was to switch from IPsec to SSL for the RA VPN. This was a few years ago and I am surprised to hear that the SSL-based VPN is having issues.

 

 

Hello All,

 

We had also faced issues with IPsec from China. Most of the time, there was huge latency and drops too.

 

- Mayur


Yeah, I am sure, IPsec mode.

 

All of a sudden it started working. It was most probably blocked by the ISP.

 
