Global protect Android version 13 mobile users not connecting portal issue. The network connection is unreachable, or the portal is unresponsive issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global protect Android version 13 mobile users not connecting portal issue. The network connection is unreachable, or the portal is unresponsive issue

L2 Linker

Hi Team,

 

Good day!

 

Global protect Android 13 version mobile users not connecting portal issue. Error shows "The network connection is unreachable, or the portal is unresponsive. Check the network connection and reconnect."

 

I have created self signed certificate and installed in the mobile but still same issue.following logs collected from Android mobile GP.log errors. 

Note:its working IOS users and Android 12, 11 ,10versions 

 

fingerprint=e2:f2:78:8a:de:bb:e7:54:c8:01:65:db:af:29:0f:c8:e5:5c:86:d7
(31135)01/25 14:20:49:44286 - checkServerTrusted: bVerifyServerCert true
(31135)01/25 14:20:49:44571 - checkServerTrusted: verify server cert now! certFilename=null, pass=xxx, revoke=true
(31135)01/25 14:20:49:44680 - verify it again CA file
(31135)01/25 14:20:49:46440 - checkServerTrustedAgainCAFile: TrustManager, size1
(31135)01/25 14:20:49:48474 - verified by system trusted credentials..
(31135)01/25 14:20:49:53441 - PanHttpsClient: 1738, found exception:javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007ad65a5fc8: Failure in SSL library, usually a protocol error
error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT (external/boringssl/src/ssl/ssl_cert.cc:605 0x7b5ae9511a:0x00000000)
(31135)01/25 14:20:49:53596 - PanHttpsClient: server cert error
(31135)01/25 14:20:49:53709 - (l6)JNI,31216,228,after JNIGetHttpResponse, ret=Valid(31135)01/21 14:20:49:53812 - (l5)JNI,31216,316,not handled, ret=error, javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007ad65a5fc8: Failure in SSL library, usually a protocol error
error:1000012e:SSL routines:OPENSSL_internal:KEY_USAGE_BIT_INCORRECT (external/boringssl/src/ssl/ssl_cert.cc:605 0x7b5ae9511a:0x00000000), return NULL now
(31135)01/25 14:20:49:53908 - (l6)JNI,31216,7643,prelogin to portal result is
(null)
(31135)01/25 14:20:49:53955 - (l6)JNI,31216,7955,Failed to pre-login to the portal  Ip address (public ip XX.Xx.Xx ) with return value 0(0).
(31135)01/25 14:20:49:54016 - (l6)JNI,31216,571,DestroyHTTPSession(31135)01/21 14:20:49:54056 - (l5)JNI,31216,10661,Portal config does not exist, try registry/plist
(31135)01/25 14:20:49:54130 - (l5)JNI,31216,8829,failed to retrieve value of the tag version.
(31135)01/25 14:20:49:54169 - (l5)JNI,31216,8844,Skip reading cached portal config.
(31135)01/25 14:20:49:54228 - (l6)JNI,31216,12503,No scep profile
(31135)01/25 14:20:49:54267 - (l6)JNI,31216,8860,portal status is Invalid portal.

16 REPLIES 16

L2 Linker

Hi Team,

 

Any recommendation for this Android 13 version issue ?

 

 

Hi,

i face the exact same issue.
I guess we have to go over TAC and create a support case for this.

L1 Bithead

GP for Windows works fine, some old Android works fine, new Android got this error.(The network connection is unreachable...)
Tried to connect the phone to another company`s GP portal, it works!
The other portal have same configuration, but lower PANOS. Might be random/something else?
If I open my GP portal webpage in Chrome from the android phone I get: ERR_SSL_KEY_USAGE_INCOMPATIBLE
Hope someone figure out this one 🙂
I use PANOS 11.1.1

Hi ,may i know your PAN OS version?

 PANOS 11.1.1

L1 Bithead

I gave up the my RootCA and GlobalProtect self signed certificate. Added a free one and GlobalProtect on all mye windows and android devices.
I saved some screenshots on my webpage, hopefully they can help others .
https://www.mrlogg.no/2024/02/paloaltonetworks-globalprotect_4.html

Hi

I have the same error on android 14.

If you have any updates, please let me know.

 

it is a cert issue, try with a new cert. @Divomag 

Hi @NilsJGabrielsen ,

 

Good Morning!

 

Yes ,its a certification issue but when install new certification to the Android 14 version,still it's not working, This is maybe PAN OS issue or i'm not sure.

Not sure if this is a PANOS og Android issue, but a public cert fixed it for me, you can create one for free on https://app.zerossl.com/certificate/new 

L1 Bithead

Hi, I had a similar issue, "Failure in SSL library, usually a protocol error", now the most recent Android devices and versions force the connection with TLS 1.3, That protocol is not allowed to stablish a communication though GP. You can try to check if changing the TLS/SSL profile min 1.0 and max 1.2 helps. also try to generate a new certificate and in the attributes add the Public Portal IP Address 

L2 Linker

Hi @Karuppu 

 

May i ask what was resolution for this? currently have the same error with our client.

 

Regards

Nicko

Hi @NilsJGabrielsen ,

 

This means that we need to create an child certificate under the parent one?

Do we need to install both Parent and Child Certificate on the android device?

 

Regards

Nicko

  • 4611 Views
  • 16 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!