Anybody else having problems with GP clients not connecting after upgrading globalprotect to 5.0.5? It looks like 'real time scanning' feature of our Symantec endpoint protection is not being recognized and therefore HIP profile not matching.
To troubleshoot the issue, you can check if HIP Match is taking place as expected, by checking the HIP match logs.
You can also check the full HIP Report by running the below command from CLI:
> debug user-id dump hip-report ip <IP-Address> user <Username> computer <Computer>
To know exactly what to type for the needed fields, you can navigate to "Network > GlobalProtect > Gateways", and then click on "Remote Users", identify the user and fill in according to the below mapping:
<IP-Address> --> Private IP
<Username> --> Primary Username
<Computer> --> Computer
I hope this helps!
Thank you Aamarin. I already checked HIP and debug hip commands. It seems like we are running into a bug. TAC is investigating, but I was curious if anybody else has experienced similar.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!