Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-05-2018 12:33 AM
Hi @Radmin_85,
You're not giving us much to work with ... what debugging have you done already and what OS are you running ?
Maybe:
Cheers !
-Kiwi.
07-05-2018 12:33 AM
Hi @Radmin_85
Are you saying that when you go to Monitor -> HIP Match there are no entries? Please note for entries to appear here it must match the below criteria:
GlobalProtect Gateway License Valid
The HIP Object is matched: (Objects -> HIP Objects)
HIP Collection is turned on in the portal: Network -> Portals -> Portal Name -> Agent -> Config Name -> Data Collection -> Collect HIP Data
Otherwise, are you saying you receive an error when trying to display these logs? Could you perhaps provide any more insight into the issue you're facing?
Thanks,
Luke.
07-05-2018 12:37 AM
PA OS 8.1.2
I will give more info soon
07-05-2018 03:29 AM
i have made all you reccomendations
but there is no entry under monitor tab
07-05-2018 03:34 AM - edited 07-05-2018 03:37 AM
Hi @Radmin_85,
I presume you have a GlobalProtect Gateway License. Could you send a screenshot of your HIP Profile and HIP object and attach the pangps.log file from the GlobalProtect "Collected.zip" from the client machine?
Edit: also the output from the command:
> debug user-id dump hip-report computer <computername> ip <ip> user <username>
Thanks,
Luke.
07-05-2018 09:08 AM - edited 07-05-2018 09:10 AM
how i can add here log files collected from GP agent?
07-05-2018 09:12 AM
Hi @Radmin_85
You may upload them to some cloud storage such as Google Drive, OneDrive etc then share the link here.
Do you also have a screenshot of your HIP Profiles and Objects on the firewall?
Thanks,
Luke.
07-05-2018 10:06 AM
Hi @Radmin_85,
So HIP checking appears to be running.
(T15896) 03/12/18 15:47:53:181 Debug(3976): HipReportThread: HipReportThread starts up.
(T15896) 03/12/18 15:47:53:181 Debug(4002): HipReportThread: wait for HIP report ready event.
(T10032) 03/12/18 15:47:53:181 Debug( 25): create thread 0x798 with thread ID 15916
(T15788) 03/12/18 15:47:53:181 Debug(4208): NetworkConnectionMonitorThread: network connection monitor thread starts.
(T15916) 03/12/18 15:47:53:181 Debug( 167): Start HipCheckThread
(T10032) 03/12/18 15:47:53:181 Debug( 25): create thread 0x794 with thread ID 15908
(T15916) 03/12/18 15:47:53:181 Debug( 210): HipCheckThread started...
(T15916) 03/12/18 15:47:53:181 Debug( 216): HipCheckThread: wait for hip check event for 3600000 ms);
However, you're not matching any HIP profiles because you're not able to connect to the GlobalProtect portal.
(T10032) 03/12/18 15:47:51:427 Debug(5724): portal status is Invalid portal.
(T10032) 03/12/18 15:47:53:529 Info (6766): Portal config does not exist, try registry/plist
(T10032) 03/12/18 15:47:53:529 Debug(4677): --Set state to Disconnected
Can you confirm your GlobalProtect Portal is appropriately configured with an Agent Config? Please follow from Step 5 in the below example documentation.
Thanks,
Luke.
07-18-2018 12:53 AM
I have tested . no event is logged in the HIP Match log . and also traffic from smartphone not denied. I suppose global protect clients not sending HIP info to palo alto.
07-18-2018 04:04 AM
admin@paloalto> debug user-id dump hip-profile-database statistics
Total number of hipmask in database: 9
Total number of logout records in database: 75
Total size of hip reports: 1033KB used / 740352KB
admin@paloalto> debug user-id dump hip-profile-database ipmapping
Total number of ipmappings in database: 0
No record exists or matches!
admin@paloalto> debug user-id dump hip-profile-database entry
Total number of hipmask in database: 9
Total number of logout records in database: 75
Total size of hip reports: 1033KB used / 740352KB
No record exists or matches!
09-04-2018 09:25 AM
Is there any commands I can run to display version of GlobalProtec client for all users? The version can be seen from the gui but for just a given user and the same info I can get by running below commands but again this command displays a version for that user only.
debug user-id dump hip-report computer <computer-name> ip <global-protect-assigned-ip> user <username>
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
