This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Additional global protect portal and gateway

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Additional global protect portal and gateway

DF2020
L0 Member

‎09-07-2020 09:08 AM

Hi

 

We have a working user-logon always on GP setup using certificates to authenticate, but we would like to make some changes and go to prelogon, but with most of the company working remotely we thought we would play it safe and setup a second GP instance on our 820 to use as a testing environment, this is where things got interesting. As a test we have managed to setup a second GP portal instance working with Microsoft authenticator (RADIUS) on-demand, via the loopback method. This allows us to log in (after being prompted by authenticator) and download the client, but once the GP client is installed and we try to connect it just comes up with the error saying  "Error: No network Connectivity. Please verify your network connection and try again", but nothing shows up in the PA's logs for that attempt. I have tried various tweaks thinking it would help but so we havent got much further

 

 

0 Likes Likes
2 REPLIES 2

BPry
Cyber Elite
Cyber Elite

‎09-07-2020 07:01 PM

@DF2020,

So you've gotten to the portal, but you haven't been able to actually verify the gateway access. You need to start focusing on the gateway configuration and making sure that the gateway is accessible. You'll also want to double check that you have a policy that would match any denied traffic to the portal/gateway IP address or enable logging on the interzone-default policy so that you can verify that your security rulebase is actually correct.

Are you using the same address for your portal/gateway, or are you seperating those out? 

0 Likes Likes

Namalw
L1 Bithead

‎09-07-2020 11:48 PM

Addition to recommendations from DF2020, please check if you haven't mis-typed the portal address on the GP client, I encounter the same issue where portal name was incorrect and GP client reported it as "Error: No network Connectivity. Please verify your network connection and try again"

 

0 Likes Likes
  • 2412 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks