10-20-2019 08:45 AM
Hi Team,
I am seeing some traffic initiated from GP interface to outside using source port udp/4500 to public IPs of clients( GP uses 4501 and I have xauth configured). Are these traffics are because of GP xauth configuration.. anybody has noticed it before ?.
I dont have any Ipsec tunnels configured from this interface.
thanks in advance.
10-21-2019 01:44 AM
@Abdul_Razaq If you don't use any 3rd party clients with X-Auth, it could also be your standard users. The global protect agent will try IPSec connection to the Gateway and only if it fails will use SSL. This is enabled by default and configurable under “Global Protect>Agent>Tunnel Settings”
10-21-2019 02:00 AM
Hi @BatD ,
I am seeing these traffic only for third party clients, I am seeing traffic initiated from PA with source udp/4500 to client public IPs (it is blocked by policy ).
As it is port 4500, I can make sure that it is because of third party client as GP uses 4501 in tunnel mode. I am wondering what is inside that packets, what PA is trying to send, is it the tunnel initiation? ( even though the policy is denying it, the IPSec connection is fine in responder mode).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
