06-16-2021 02:10 PM
I am having an issue logging into the VPN on my Apple devices. I can connect to the VPN via the windows laptop, but I cannot on my Apple laptop. I keep receiving this error message on the Macbook Pro "[Error]: Gateway VPN External Gateway: The network connection is unreachable, or the gateway is unresponsive. Check the network connection and reconnect.". I can successfully access the VPN on windows without any issues, and I am using the same credentials to log in. Has anyone encountered this issue before?
06-17-2021 04:54 AM
not had this error myself but i assume the login to the portal is OK, or is that failing too and using cached app config for gateway. what happens when you browse to the portal.??
06-17-2021 06:05 AM
Login to the portal is fine. I can type in the portal address in a web browser and it comes up and I can login on the browser without any issues. I can also access the vpn on the windows without any issues either. The error message populates when I sign onto any Apple products via the vpn software.
06-17-2021 08:10 AM
does the pangps log file show any useful info... it would be worth checking if GP to portal is ok then fails on gateway only, any certs involved here? also... i assume you have no gateway restrictions for windows only on firewall gateway settings.
06-17-2021 12:33 PM
This is in the logs:
470-T12807 06/16/2021 15:49:57:142 Debug( 458): error detail is Server cert verification failed
P 470-T12807 06/16/2021 15:49:57:142 Info ( 281): Session <__NSURLSessionLocal: 0x7f9591320780> set to (null)
P 470-T12807 06/16/2021 15:49:57:142 Debug( 653): GetHttpResponse: m_errorDetails is Server cert verification failed.
P 470-T12807 06/16/2021 15:49:57:142 Debug(3633): Login to gateway **.**.**.** without ipv6
P 470-T12807 06/16/2021 15:49:57:142 Debug(5564): Show Gateway VPN External Gateway: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.
P 470-T12807 06/16/2021 15:49:57:142 Debug(3890): Failed to pre-login to the gateway **.**.**.**
P 470-T12807 06/16/2021 15:49:57:142 Info (2678): Failed to retrieve info for gateway **.**.**.**
P 470-T12807 06/16/2021 15:49:57:142 Debug(2689): tunnel to **.**.**.** is not created.
P 470-T12807 06/16/2021 15:49:57:142 Debug(4095): Create tunnel failed for manual gateway **.**.**.** using IPv4.
P 470-T12807 06/16/2021 15:49:57:142 Debug(6849): --Set state to Disconnected
P 470-T12807 06/16/2021 15:49:57:144 Debug(4111): On demand mode. Skip setting network discover event.
P 470-T12807 06/16/2021 15:49:57:144 Debug(11159): SetVpnStatus called with new status=0, Previous Status=0
06-18-2021 02:08 AM
do you see a portal login earlier in the logs, are the portal and gateway on same box and using same tls profile.
is it possible to wireshark to see if gateway is responding at all???
not much help.... sorry.
10-15-2021 09:17 PM
I had this issue as well and fixed it by adding a Host Name = "DNS" from Subject Alternative Name (SAN) field in the certificate attributes.
10-17-2021 04:49 AM - edited 10-17-2021 04:51 AM
@Mick_Ball could be having the idea that you have pushed the CA cert for the globalprotect on the windows devices using GPIO AD directory but maybe you have not done this for MAC using Jamf Pro or other mac managment tool and the MAC does not trust the Globalprotect gateway?
There was also an option for Globalprotect to ignore the portal invalid cert (there is no such option for the gateway) and if enabled even if you have the portal and gateway on the same place using the same cert this could explain the issue.
Also just in case push the system extensions for MAC:
Also if the gateway port is blocked I used this workaround before:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClKPCA0
06-04-2022 04:49 AM
hello,can you tell me how to add Host Name in GlobalProtect certificate attributes,and where is GlobalProtect certificate.please~
10-06-2022 02:07 AM
Hi,
Did someone solved this issue? Any specific instructions will be appreciated.
Thanks
04-04-2023 01:22 AM
I ran into the same problem ,I tested by config certificate Host Name = "DNS" and manually install certificate on iphone and Mac os.
After install certificate found to be able to use Globalprotech as usual.
10-11-2024 08:53 AM
hello, excuse-me can you tell us how you did that please ? i don't get the method
10-11-2024 08:56 AM
hello, excuse-me how did you config certificate Host Name = "DNS" and manually install certificate ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
