09-03-2015 01:01 AM
we have a user who spends a lot of time in China, but is having major problems getting GlobalProtect working while there. Does anyone else have any experience running GlobalProtect out of China (to Norway, in our case), either positive or negative?
We're seeing tunnels sometimes going down for no apparent reasons, "Failed to connect to remote host" messages on reconnect, and generally poor performance. Most of the time the user isn't able to use GlobalProtect.
09-03-2015 02:40 AM - edited 09-03-2015 02:41 AM
we also have remote users in china. they don't having problems at all...
If (just sometimes) they have problems to conntect is because of the china great firewall: - latency issue and trying to decrypt SSL connections.
Workaround: waiting or try another portal.
check how the latency is from the client is, use a newer version of GP and ensure a none decrypted connection...
09-08-2015 03:46 AM
We currently have only one portal (and one gateway), so trying another isn't an option. However, it was suggested to me to try running a PAN-OS VM in AWS (Singapore), which might bypass some of the issues with the chinese firewall. I'll see if I can try it this month.
02-11-2020 06:01 AM
I notice this old thread, but would like to comment on it and maybe get more replies.
We have hosted Global Protect in China with mixed results. It used to work on Verizon line, but since we switched to China telecom it is not working. It seems like the problem is ssl connection, and that ssl requests are not even reaching the portal/gateway.
02-12-2020 05:15 AM
Are you sure that you are using the GlobalProtect in SSL mode and not in IPsec mode?
In the past I had issues with IPsec based RA VPN (on another firewall vendor) for users connecting from China and the solution was to switch from IPsec to SSL for the RA VPN. This was few years ago and I am surprise to hear that the SSL based VPN is having issues.
02-12-2020 07:14 AM
We had also faced issues with IPSEC from China. Most of the times, there were huge latency and drops too.
04-01-2020 06:36 AM
Yea, I am sure, IPSEC mode.
All sudden it started working. It was most probably blocked by ISP.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!