VPN-SSL through Palo Alto

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

VPN-SSL through Palo Alto

L4 Transporter

Hi, im having problems connecting with VPN-SSL clients (Global Protect and SonicWALL VPN Client). We have a firewall Palo Alto to go to internet and i use these VPN clients for connecting to several branches but i dont know why my Palo Alto (which VPNs go through) is having a strange behaviour. I dont see any connection in the MONITOR TRAFFIC about the start session VPN-SSL from my machine to the tunnel destination.

We have another way to go to internet through a JUNIPER SSG and in this case the clients VPN are connecting correctly and everything is working.

how palo alto treats the VPN-SSL traffic which go though itself?

thanks

1 accepted solution

Accepted Solutions

the zone protection was the problem.......THANKS

Fix.jpg

View solution in original post

4 REPLIES 4

L7 Applicator

Hello COS,

Are you facing this problem from a specific machine or from all machines ( with your credentials).?

Are you able to login into the GP portal with same credentials..?

You can enable debugging into the GP client to get some more information:

GP-client.JPG

Troubleshooting GlobalProtect, PAN-OS 4.1

Thanks

It happens in all the machines.

Since another branch in which we also go to internet through PA it happens the same. Its like Palo Alto is denying the connection or doing something but i cant see anything in the log.....

i attached the sinicwall´s log

when it works asked me for the PSK. going trough PA it doesnt reach to asked me this.

I attached the GP log

the zone protection was the problem.......THANKS

Fix.jpg

  • 1 accepted solution
  • 2938 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!