I am seeing some traffic initiated from the GP interface to outside using source port udp/4500 to public IPs of clients (GP uses 4501 and I have xauth configured). Is this traffic because of the GP xauth configuration? Has anybody noticed it before?
I don't have any IPsec tunnels configured from this interface.
Thanks in advance.
@Abdul_Razaq If you don't use any 3rd party clients with X-Auth, it could also be your standard users. The GlobalProtect agent will try an IPSec connection to the Gateway and only if it fails will it use SSL. This is enabled by default and configurable under “Global Protect>Agent>Tunnel Settings”.
Hi @BatD,
I am seeing this traffic only for third-party clients. I am seeing traffic initiated from the PA with source udp/4500 to client public IPs (it is blocked by policy).
As it is port 4500, I can be sure that it is because of a third-party client, as GP uses 4501 in tunnel mode. I am wondering what is inside those packets and what the PA is trying to send. Is it the tunnel initiation? (Even though the policy is denying it, the IPSec connection is fine in responder mode.)