Unable to connect the VPN ( X-Auth Support) from the Linux machine using third party client

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unable to connect the VPN ( X-Auth Support) from the Linux machine using third party client

L1 Bithead
Hi Team,
 
++ We have upgraded the firmware from PAN-OS 10.0.11 to PAN-OS 10.1.8 after we are facing a VPN disconnected automatically for Linux users.
 
++ The Linux users used to connect the firewall using the third-party VPN agent.
 
++ We have checked the X-Auth Support configuration and it's looking good.
 
++ Performed the VPN connectivity from the Linux machine and monitor the user stats in global protect it showed connected and after 30 to 45 sec, it automatically disconnected. but still, the end user machine VPN agent showing as connected.
 
++ The firewall is working with a High Availability Active-Active setup. We have tested when the firewall is standalone the Linux users connected and worked the VPN without any issues but after incorporating the HA we have faced the disconnectivity issue.
 
++ We suspected some misbehavior happening when the firewall incorporated with HA Active-Active state.
 
++ But we couldn't find the exact RCA. Kindly help to fix the issue ASAP.
 
Thanks for the prompt responses.
 
2 REPLIES 2

Cyber Elite
Cyber Elite

@AhamadullahM,

How is the GlobalProtect Gateway IP configuration across these units? I'm guessing that you're seeing traffic hit both firewalls instead of just the session-owner, which would cause issues in an X-Auth setup that you wouldn't necessarily see in the actual GlobalProtect agent. 

Hi BPry,

 

Thanks for the response.

 

For Windows users using the global protect agent is successfully connected. Linux users don't have GP licenses. We have checked the data plane usage is 0 in the standby device.

 

In the previous version, 10.0 everything is working fine.

 

Kindly help us How can we isolate the issue?

 

 

 

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!