Clientless/GP portal does not load in browser on 10.2.9-h1

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Clientless/GP portal does not load in browser on 10.2.9-h1

L3 Networker

We are facing an issue where the Clientless/GP Portal does not show the login page on the browser.

When traffic reaches the external firewall, we see the connection being allowed. We are using the Go Daddy cert and have ensured the cert chain is complete on the firewall.

The strange part is it works if we use GP Client we can connect to GP Portal just fine but it's clientless and web portal that is not loading and the browser gives us the error:

ERR_EMPTY_RESPONSE

This page isn’t working right now.

"Portal address" didn’t send any data.

Curl Shows: Curl Error 56 "Failure when receiving data from the peer"

The PANOS version is 10.2.9-h1, we can see all public IPs coming to the portal and the connection is ending with reason TCP-FIN.

We have already tried restarting the web-related process, and "sslmgr" process does not seem to help.

What can we do or if we need to restart the process related to GP/Clientless VPN in Palo.

Would appreciate any suggestions.

GlobalProtect 

2 REPLIES 2

L3 Networker

Collect HAR files using a developer tool and analyze it for any errors. Also take pcap on client to find out SSL handshake failures. 

Cyber Elite
Cyber Elite

@UtkarshKumar,

Sounds like your running into PAN-259760 which is a known issue in PAN-OS 10.2, so restarts and such aren't really going to help. Install 10.2.9-h14 and the issue should be resolved.

  • 369 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!