01-25-2024 09:45 AM
We are piloting 6.1.2-83 client version. With new version we are seeing below behavior.
After connecting to Global Protect VPN if we try to switch to another gateway manually, the client is throwing error "Matching client config not found. Connecting to Best available gateway" and it fails to connect to other gateway and ends up connecting to previous gateway where it was connected before.
From the logs I can see that the gateway authentication is happening successfully but not connecting and throwing the error.
Any thoughts ?
01-26-2024 04:24 AM
This will probably be because you have users or groups listed in the Gateway/agent/client settings\config that do not match the user login names.. check in Monitor/GlobalProtect to ensure the user matches username in the Gateway config.
check also any settings for OS, Regions or IP addresses in the same Gateway config...
01-26-2024 09:18 AM
Thank you Mic for your reply. We are seeing the problem when we are manually switching the gateway, example if my client connected to X gateway but I wanted to switch to Y gateway because of any reason, we are seeing this problem. However if the client selects gateway Y then we don't see this problem.
I have verified the group settings and users are in the group
01-29-2024 06:43 AM - edited 01-29-2024 06:44 AM
what is your authentication method for both portal and gateways?
what happens if you remove users/groups from the gateways?
01-29-2024 08:09 AM
We are using LDAP authentication for the portal and Radius + Azure MFA for Gateway authentication.
I have not tried removing users/groups as it is in production and users don't have issues directly connecting to the gateway, it is only while switching manually.
01-30-2024 12:01 PM
Any solution. This is affecting my company as well. Same issue.
01-31-2024 07:21 AM
Are users prompted to re authenticate when switching gateways or are you using cookie generation??
And may be a daft question but are you sure the username for a good gateway connection matches exactly with one of a failed gateway connection in monitor/globalprotect.
And having asked that, for our similar setup with OTP we have this on the portal which then generates an override cookie for the gateways, would this not work for you??
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
