Global Protect Drops Connection Easily


L1 Bithead

I observe that Global Protect drops connections while other apps do not.  What thresholds need to be exceeded for Global Protect to give up and drop? I would like to consider how to improve network or end point factors to limit the frequency of Global Protect failures.


L7 Applicator

You really need to check the logs to see why it has disconnected, as there could be many reasons...

Does it reconnect after a while, or do you need to manually connect again?

Export the logs from the client settings and check the PanGPS file. This will tell you what's going on...

Thank you for your reply.  I am developing a script for the collection of a variety of logged factors.  Mostly focused on the endpoint itself, but with the intent to uncover network-centric influences. That part has been done sporadically without a strategy. I plan to have that strategy in place today, with some simple elements that typify the customer experience so we can try to harvest as much as possible when it is happening.

 

Sometimes you will have to reconnect to network services and other times you will not.  It is really unpredictable.

 

I monitored a few end points that had repeated issues, discovered that they often had network-related performance concerns, but the issue did not always manifest. It seems that there must be more than one factor that needs to be present for Global Protect to drop the connection.

L6 Presenter

As @Mick_Ball says, there are many reasons it could be losing connection. Normally the GlobalProtect client will attempt to automatically reconnect the VPN to the existing Gateway when it detects a problem. If you are running multiple Gateways, then it may attempt to connect to a different Gateway after the first fails (which may or may not require re-authentication, depending on your setup).

 

It isn't exactly clear, but I suspect the primary VPN loss detection is from the values "TCP Connection Timeout" (default 5sec) and "TCP Receive Timeout" (default 30sec) in the client App settings. Once the GP client has determined it is no longer connected it tries automatically reconnecting per the "Automatic Restoration of VPN Connection Timeout" (default 30min) and "Wait Time Between VPN Connection Restore Attempts" (default 5sec) timers.

 

If the client has been deliberately kicked off the VPN (security, HIP check report failures, manually, etc.) then it doesn't appear to automatically restore the existing Gateway connection (requires reauth).

Might it be possible to get a complete list of Global Protect "thresholds" so I can attempt to correlate issues with end point performance and connectivity?  Armed with that I could perhaps target specific network and end point elements for change or improvement.

L6 Presenter

You can see the list of adjustable thresholds under the GlobalProtect client App settings of the Portal:

Network -> GlobalProtect -> Portals -> [portal config] -> Agent -> [agent config] -> App

 

Select the help button or go to your local firewall for documentation of the values:

https://[firewall]/PAN_help/en/wwhelp/wwhimpl/js/html/wwhelp.htm#href=globalprotect-portals-agent-ap...

 

Or see the values in the PAN docs:

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/globalprotect/network-global...

 

There are also a couple timeouts under the Gateway config, though I don't think they are relevant to your situation:

Network -> GlobalProtect -> Gateways -> [gateway config] -> Agent -> Connection Settings

 

You will really need to review the system and client logs to determine why the clients are getting disconnected. System logs:

Monitor -> Logs -> System

Monitor -> Logs -> GlobalProtect

Client logs:

GlobalProtect Client -> drop-down menu -> Settings -> Troubleshooting -> Collect Logs

and look at the PanGPS.log in particular around the time of the disconnect.
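
One way to do the correlation discussed in this thread, as an added example (not code from any poster or from Palo Alto Networks): probe the gateway over TCP from the endpoint, flag samples that cross the default timeouts quoted above, and line the flags up with disconnect times read from PanGPS.log. The function names, the "outage" proxy for the receive timeout, and the sample data are assumptions made for illustration.

```python
import socket
import time

# Defaults quoted in the thread; confirm the real values in your portal's App settings.
TCP_CONNECT_TIMEOUT_S = 5
TCP_RECEIVE_TIMEOUT_S = 30


def probe_connect(host, port, timeout=TCP_CONNECT_TIMEOUT_S):
    """Time one TCP connect; return seconds taken, or None on failure/timeout."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return time.monotonic() - start
    except OSError:
        return None


def flag_samples(samples, connect_limit=TCP_CONNECT_TIMEOUT_S,
                 receive_limit=TCP_RECEIVE_TIMEOUT_S):
    """samples: time-ordered (epoch_s, connect_s or None) tuples from probe_connect.

    Returns (epoch_s, reason) events:
      "connect" - a probe failed or took at least connect_limit seconds
      "outage"  - probes have failed continuously for at least receive_limit
                  seconds (assumed proxy for the receive timeout window)
    """
    events, outage_start, outage_reported = [], None, False
    for ts, connect_s in samples:
        if connect_s is not None and connect_s < connect_limit:
            outage_start, outage_reported = None, False
            continue
        events.append((ts, "connect"))
        if outage_start is None:
            outage_start = ts
        if not outage_reported and ts - outage_start >= receive_limit:
            events.append((ts, "outage"))
            outage_reported = True
    return events


def correlate(events, disconnects, window_s=60):
    """Map each disconnect time (read by hand from PanGPS.log) to the flagged
    events seen in the window_s seconds before it."""
    return {d: [e for e in events if 0 <= d - e[0] <= window_s] for d in disconnects}


# Constructed samples: probes every 10 s, path degrades from t=1030 to t=1060.
SAMPLES = [(1000, 0.04), (1010, 0.05), (1020, 0.06), (1030, None),
           (1040, None), (1050, 5.2), (1060, None), (1070, 0.05), (1080, 0.04)]
```

A disconnect that maps to an empty list had no probe failures in the preceding window, which points away from the network path and toward the gateway-side causes mentioned earlier (HIP failures, manual disconnects).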

 
