SSL VPN with Global Protect Agent 1.2.0 on different port

L2 Linker

Hello there,

On a PA-500 we're running our Global Protect portal and gateway on port 8443 according to https://live.paloaltonetworks.com/docs/DOC-3457.

This worked well up to agent version 1.7.0. Since version 1.2.0 the agent ignores the port configuration and always tries to connect to port 443.

I've seen numerous log entries on the webserver running on port 443 like "/ssl-vpn/prelogin.esp" and "/ssl-vpn/login.esp" with UserAgent "PAN+GlobalProtect".

Going back to version 1.1.7 solved this.

Is there anybody else who can confirm this, or did I miss a new configuration option in PANOS 5.0?

Thanx

7 REPLIES

L2 Linker

Any updates on this?

You can see in the doc comments that there is a bug that has not been fixed. You cannot write a port inside the client configuration gateway tab. So maybe there is also something wrong for the agent version. But after 5.0.2 I could not use that port option. Waiting for a fix. Opened a case. Support told me they will fix that.

(Learned that this bug was fixed with 5.0.6.)

If you are talking about bug#50133, it was fixed on v5.0.6.

50133—When configuring a GlobalProtect portal and adding an external gateway address for GlobalProtect clients, the IP format ip-address:port could not be added. Update made to allow this format.

Regards

Yes, this one. If this works with 5.0.6, then admin@peri, what is your version?

L6 Presenter

I replicated this with versions 1.2.4 and 1.2.5 (using a local interface).

You are right, it still tried to connect to SSL port 443 and it gave a certification error (because port 443 is busy with another service in our test lab).

So I installed 1.1.7 and it worked!!!

After that I tried with a loopback interface, and it is working. I tried with a PPPoE interface. I don't know why we could not connect with the LAN interface instead of loopback, but that is working fine.

I'm on version 5.0.6 since a few weeks. Is it fixed with the latest 5.0.7 version? According to this post (Can GlobalProtect Portal Page be Configured to be Accessed on any Port?) yes, but can someone verify?

With the loopback interface it is working fine. I am using it with 5.0.6.
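
The symptom reported in the first post (agents requesting "/ssl-vpn/prelogin.esp" and "/ssl-vpn/login.esp" from the unrelated webserver on port 443) can be checked for in that server's access log. The following is an added example, not part of the thread and not Palo Alto Networks code; it assumes the log is in Apache/nginx combined format, and the function name and sample lines are constructed for illustration.

```python
import re

# Combined Log Format (assumed):
# ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
# Paths and User-Agent as quoted in the first post.
GP_PATHS = ("/ssl-vpn/prelogin.esp", "/ssl-vpn/login.esp")
GP_UA = "PAN GlobalProtect"  # assumption: "+" may be logged as-is or as a space

def find_misdirected_agents(lines):
    """Group GlobalProtect agent requests that reached this webserver by client IP."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]      # ignore any query string
        ua = m["ua"].replace("+", " ")         # normalise both spellings
        if path not in GP_PATHS or GP_UA not in ua:
            continue  # require both path and User-Agent to match
        entry = hits.setdefault(
            m["ip"], {"paths": set(), "count": 0, "first": m["ts"], "last": m["ts"]}
        )
        entry["paths"].add(path)
        entry["count"] += 1
        entry["last"] = m["ts"]                # log is assumed time-ordered
    return hits

# Constructed sample lines (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2013:09:14:02 +0100] "POST /ssl-vpn/prelogin.esp HTTP/1.1" 404 209 "-" "PAN+GlobalProtect"',
    '192.0.2.10 - - [12/Mar/2013:09:14:03 +0100] "POST /ssl-vpn/login.esp HTTP/1.1" 404 206 "-" "PAN+GlobalProtect"',
    '198.51.100.7 - - [12/Mar/2013:09:15:40 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2013:09:16:11 +0100] "GET /ssl-vpn/login.esp HTTP/1.1" 404 206 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2013:10:02:55 +0100] "POST /ssl-vpn/prelogin.esp?tmp=tmp HTTP/1.1" 404 209 "-" "PAN GlobalProtect"',
]

if __name__ == "__main__":
    for ip, info in sorted(find_misdirected_agents(SAMPLE_LOG).items()):
        print(ip, info["count"], sorted(info["paths"]), info["first"], info["last"])
```

Each reported address is a client whose agent is contacting port 443 instead of the configured port, which gives a list of machines to check for the affected agent version.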
