02-14-2022 12:41 PM
I have a GP user complaining about his GP sessions getting dropped. He's using certificate auth autovpn. The full error is
[Error]: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.
Network discovery started.
Now while that is going on, I see in Monitor/Global protect at that time is repeated messages of the client in pre-login
before-login status and no IP address yet assigned. What is likely going on? Any other logs to review?
Type | Generate Time | Event ID | Stage | Source User | Source Region | Public IP | Public IPv6 | Private IP | Private IPv6 | Client Version |
GLOBALPROTECT | 2/14/2022 4:45 | gateway-prelogin | before-login | ACME-67321211157 | US | 200.33.22.130 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 5.2.5 |
GLOBALPROTECT | 2/14/2022 4:44 | gateway-prelogin | before-login | ACME-67321211157 | US | 200.33.22.130 | 0.0.0.0 | 0.0.0.0 | 0.0.0.0 | 5.2.5
|
Client OS | Client OS Version | Repeat Count | Status | Login Duration | Error Code | Portal | Sequence Number | Action Flags | High Res Timestamp | Selection Type | Response Time |
Windows | Microsoft Windows 10 Enterprise , 64-bit | 1 | success | 0 | 0 | GP_Gateway | 27604518 | 0x0 | 2022-02-14T04:45:07.499-08:00 | ||
Windows | Microsoft Windows 10 Enterprise , 64-bit | 1 | success | 0 | 0 | GP_Gateway | 27604477 | 0x0 | 2022-02-14T04:44:35.386-08:00 |
10-26-2022 09:08 AM
Hi. We've had a lot of progress since then. One issue was upgrading to a more recent GP client. 5.2.12
has been less problematic and worked past a known bug. I'm posting the login event phases you should
see in sequence as I was not clear on that part in February. Not that the get-config is when the address
is assigned. Also are you pulling down the GP client debugs? They have a lot of into including
ipconfig /all, netstat -rn, GP events. I wish there was a way we could get that data without bothering
the user about it. But if you can get them to send it it's pretty insightful.
10-26-2022 09:52 AM - edited 10-26-2022 09:53 AM
For affected users, the only event we're seeing in the GP log on the firewall is portal-prelogin. I've looked at the pangps.log from an affected client and it wasn't really helpful. We've tried a few different GP versions, including the latest 6.1.0, and full uninstall/reboot/install.
Based on this thread, I'm thinking it might actually be a Windows update issue, but we haven't gotten to testing either uninstalling the October CU or installing the out-of-band patch noted there. Thanks.
Matt
10-26-2022 09:59 AM
Perhaps the the pan_gp_event log.would be more helpful? That's my go-to.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!