Global Protect - PreLogon/SAML with Cert Revocation

cancel
Showing results for 
Search instead for 
Did you mean: 

Global Protect - PreLogon/SAML with Cert Revocation

L3 Networker

Hi All,

 

Does anyone have a Globalprotect PreLogon setup with SAML authentication and CRL enabled?

 

Having issues with this and have it raised with TAC but thought I'd reach out to the community.

 

It's worth noting that we have a parallel setup using LDAP Auth identical to this configuration without Cert Revocation so we know the config is sound.

 

These are the issues in Summary (Cert Revocation not enabled):

1. With PreLogon and SAML authentication, we have the 2 Agent configs in the Portal - one set to a User of PreLogon, second as User Any - standard deployment. When a test user logs in he gets an authentication error. When the laptop boots from a shutdown, GP Prelogon does not work. If they switch to the LDAP setup it works - PreLogon and user logon on.  If we set the Agent User PreLogon to Any - it works without an issue.

2. Enable Cert Revocation on the certificate profile (with Agent User Prelogon set to Any) - user reboots and PreLogon does not work. User can log in without issue. User Logs out of Windows, Prelogon is working.

 

Looking at the logs it looks like the PreLogon is attempting to authenticate or sending the PreLogon user to SAML. Below are User client logs username and portal replaced with Test User and Test Portal. Also, traffic dated 27/1 is with Cert Revocation enabled. Dated 28/1 is with the PreLogon User Agent.

 

Any ideas?

 

Logs:

PANGPA logs during testing:

 

Date: 28/1/22
(P6388-T9612)Debug(9098): 01/28/22 10:14:03:952 Saml auth
(P6388-T9612)Dump (2373): 01/28/22 10:14:03:952 close WinHttp close handle.
(P6388-T9612)Debug(8314): 01/28/22 10:14:03:952 Return false for saml auth
(P6388-T9612)Debug(8315): 01/28/22 10:14:03:952 m_preUsername pre-logon, IsInPrelogon() 0
(P6388-T9612)Debug(8319): 01/28/22 10:14:03:952 m_userName pre-logon
(P6388-T9612)Dump (1016): 01/28/22 10:14:03:952 status is Disconnected
(P6388-T9612)Dump (1063): 01/28/22 10:14:03:952 stats.b_connected is 0, GetBestGateway is NULL.
(P6388-T9612)Dump (6808): 01/28/22 10:14:03:952
ResponseToClient.txt_output: <?xml version="1.0" encoding="UTF-8"?>
<response>
<type>saml-pre-login</type>
<status>Disconnected</status>
<protocol/>
<portal-config-version>4100</portal-config-version>
<error-must-show/>
<error-must-show-level>error</error-must-show-level>
<error/>
<product-version>5.2.10-6</product-version>
<product-code>&quot;{D3983688-3ECE-46AA-957C-DC4897ADC354}&quot;</product-code>
<portal-status>Invalid portal</portal-status>
<user-name>pre-logon</user-name>
<username-type>sso</username-type>
<state>Retrieving configuration...</state>
<check-version>no</check-version>
<portal>Test-Portal</portal>
<discover-ready>no</discover-ready>
<mdm-is-enabled>no</mdm-is-enabled>
<saml-auth-status>0</saml-auth-status>
<saml-auth-method>REDIRECT</saml-auth-method>
<saml-request>aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NlNmViZTYyLTU1N2ItNDQzNi1hMTljLTc2N2VjYTJjZDQ1MS9zYW1sMj9TQU1MUmVxdWVzdD1sWkpCYjhJd0RJWCUyRlNwVjcyeVFORkNLb3hPQXdKS1loMnUyd3k1U21Ia1JxRXhhbjAzNyUyQkNtd2F1eUR0YVBucGUlMkZhelo2aTY5aWdYZlRqWUhiejNnQ0g2N0ZxTDh0eVlrOTViNlJRYWxGWjFnREpvV1M0ZU5wSW5WQjY5QzA2N2xrUUxSUERCT0x0MEZ2c09mQW4lMkJ3Mmg0Mm0zbTVCRENFV1dhN284ODFpckpOQjZVaHdZdkVrd3NCQ2xFbHA2NG5LYmxObDBzU3hLdGhsbU1WU2ZxTDZOMWUyT1R6bWp2MEwwRloxdGpJZEd1U3pXTW9ZWXhqMGVqdkk0SDNqaFdiS3JqZkp5RFZsdzNZc1RTMDFLY1JPdlZuTHd5d2VvSnBWTTZFVk9xYUQxaGVwbzNvbVlLTWpWcXNrR0cyTVBhWWxBMnpBbW5uTWVVeFh4U01TcVprRlM4a0dqN25jR2RzWTJ4JTJCOXVCMVJjUnl2dXEyc2JieDdJaTBUTjRQSzg0Q0VneE8wMG96OGIlMkI2aEMzc2VvbmZWTDhPJTJCdFpldVZZWEtxJTJGJTJGMUI4QVElM0QlM0QmUmVsYXlTdGF0ZT16WDhGQUFlRGxXRTFaREZqWW1JM05tRTFNR013TnpJM1pqSXlZbUZsT0dVeFlXUmlZek5sTUElM0QlM0Q=</saml-request>
<prelogin-cookie/>
<saml-prelogin-portal>yes</saml-prelogin-portal>
<saml-chrome-sso-support/>
<saml-default-browser>yes</saml-default-browser>
<saml-request-id>0</saml-request-id>
<prelogin-response>
<status>Success</status>
<ccusername></ccusername>
<autosubmit>false</autosubmit>
<msg></msg>
<newmsg></newmsg>
<license>yes</license>
<authentication-message>Enter login credentials</authentication-message>
<username-label>Username</username-label>
<password-label>Password</password-label>
<panos-version>1</panos-version>
<saml-default-browser>yes</saml-default-browser><saml-auth-status>0</saml-auth-status>
<saml-auth-method>REDIRECT</saml-auth-method>
<saml-request-timeout>600</saml-request-timeout>
<saml-request-id>0</saml-request-id><saml-request>aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NlNmViZTYyLTU1N2ItNDQzNi1hMTljLTc2N2VjYTJjZDQ1MS9zYW1sMj9TQU1MUmVxdWVzdD1sWkpCYjhJd0RJWCUyRlNwVjdtall0TFVRVWljRmhTRXhEbE8yd3k1U2tCaUsxQ1l2VGFUOSUyRkJUWnR1eUR0YVBucGUlMkZhenB5aTc5aVRtZlRqYUxiejFnQ0g2NkZxTDR0S29TTyUyQnRjQklOQ2lzN1FCRzBxT2NQYThIalJKeThDMDY3bGtSelJQREJPTHR3RnZzT2ZBMyUyQjNXaDQycTRyY2d6aGhJS3h3NGxUTGVOTTQxRjZhUEFxd2RoQ0VIbWVzVE9YSjZ6ZXNQbWlKdEZ5bU1WWWVhYiUyQk1GcDNNRGJ1alBZTzNUNDQyeG9Mc1hZZDAxQ0Fnb0xUMGFoVWRPQVZWS1lUVGN1aUJDMjVidkpSeXM1TGNSS3RsaFY1elJWQXRsZDdxV1NxazRrYzc4dFJtYVNxbVFCWE1tOEdHV0lQSzR0QjJsQVJubkJPazVUeThTNU5SVDRSZWZaQ29zMVhCbmZHTnNZZWJnZW1yaUlVOTd2ZGhtNGU2eDJKbnNIalpjVkJRR2JUODRUaVl1eCUyRkhlSTJWbjZuVDJiJTJGem5yS2Zqbk9ydFhmZjVoOUFnJTNEJTNEJlJlbGF5U3RhdGU9ZTRFRkFBZURsV0U1TkdNNVlqZ3dObUV3WkdReFpqUmxPVFF5WkRZell6RXhNbVE1TkdabVl3JTNEJTNE</saml-request><auth-api>no</auth-api><region>GB</region>
</prelogin-response>
(P15340-T5188)Debug(3656): 01/28/22 11:49:42:351 REGION-PRIO, gateway region code is GB
(P15340-T5188)Debug(3688): 01/28/22 11:49:42:351 REGION-PRIO, portal and gateway have same region code!
(P15340-T5188)Debug(3701): 01/28/22 11:49:42:351 auth-api is no in prelogin response
(P15340-T5188)Debug(6515): 01/28/22 11:49:42:351 Auth message is Enter login credentials for gateway Test-Portal
(P15340-T5188)Debug(6543): 01/28/22 11:49:42:351 Gateway license yes, license-v6 yes
(P15340-T5188)Debug(6050): 01/28/22 11:49:42:351 OtpSaveCredential is save_credential
(P15340-T5188)Debug(6088): 01/28/22 11:49:42:351 External network gateway without OTP authentication
(P15340-T5188)Debug(6155): 01/28/22 11:49:42:351 Fallback portal user credential.
(P15340-T5188)Debug( 41): 01/28/22 11:49:42:352 Roaming profile is false
(P15340-T5188)Debug( 167): 01/28/22 11:49:42:362 profileInfo username Administrator, profile path (null), server (null)
(P15340-T5188)Debug(2328): 01/28/22 11:49:42:382 Unserialized empty cookie for portal Test-Portal and user Test-User
(P15340-T5188)Debug(11122): 01/28/22 11:49:42:382 send saml-pre-login to UI.
(P15340-T5188)Debug(3633): 01/28/22 11:49:42:382 Grace period is 0
(P15340-T5188)Debug(1481): 01/28/22 11:49:42:382 Added manual=no to response to PanGPA.
(P15340-T5188)Debug(1884): 01/28/22 11:49:42:382 Send response to client for request saml-pre-login
(P15340-T5188)Debug(3633): 01/28/22 11:49:42:382 Grace period is 0
(P15340-T5188)Debug(11154): 01/28/22 11:49:42:382 wait for m_hChallengeEvent.

2. With both Portal agents configured for any user (I realise only the first would be used) we see good Pre-Logon and user connection – there are no issues with Globalprotect. We turn Certificate Revocation on any lost devices can have their certificates revoked and we see a problem with Pre-Logon. For certificate revocation we are only turning on the Use CRL and not the blocks. What we see is Pre-Logon fails when a laptop is booted but user login is good. When a User logs out, pre-logon works. It looks as if the pre-logon is trying to authenticate with SAML.
PANGPA logs for Prelogon testing, I’ve highlighted some lines of interest highlighted as well as removing the “noise” but have left some context, if you want to search through it for my comments, do a search for <<- .I also still have the original file if you want it..

<type>saml-pre-login</type> <<- this shouldn’t be SAML
<status>Disconnected</status>
<protocol/>
<portal-config-version>4100</portal-config-version>
<error-must-show/>
<error-must-show-level>error</error-must-show-level>
<error/>
<product-version>5.2.10-6</product-version>
<product-code>&quot;{D3983688-3ECE-46AA-957C-DC4897ADC354}&quot;</product-code>
<portal-status>Connected</portal-status>
<user-name>Test-User</user-name>
<username-type>saml</username-type>
<state>Discovering network...</state>
<check-version>no</check-version>
<portal>Test-Portal</portal>
<discover-ready>no</discover-ready>
<mdm-is-enabled>no</mdm-is-enabled>
<gateway>Test-Portal</gateway>
<network-type>external</network-type>
<manual>no</manual>
<saml-auth-status>0</saml-auth-status>
<saml-auth-method>REDIRECT</saml-auth-method>
<saml-request>aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NlNmViZTYyLTU1N2ItNDQzNi1hMTljLTc2N2VjYTJjZDQ1MS9zYW1sMj9TQU1MUmVxdWVzdD1sWkxMVHNNd0VFViUyRkpmSSUyQkwlMkJkVnJDWlNhQmRVS2lKcUFnczJ5SFVtcmFYRURoNEg4Zm1rTFlpeXFjUnlORmZuenR5WkpmS2hIMWs1MmFQYXdmc0VhSjNQb1ZmSXpvMmNURVl4elZFaVUzd0FaRmF3dW56Y011b0ZiRFRhYXFGNzRwU0lZS3pVYXFVVlRnT1lHc3lIRlBDODIlMkJia2FPMkl6UGNQSTNVRjl5S0JSMjZneFlzRVBRV1d4WEhrbjdnMDhPdktMMWMxY2RiekxGTHhFJTJGV1gwZXVEVk40Z2hkR29PNnRWTHhWNFFnJTJCJTJCZ0JUMmtGSTNTYks5TyUyRk5TbDRkM3dzM1NEQVNub28yVDBEOHRSWW16V2Vma0xZbzZHaWNRTE5KMkVYY3RkTkF1YUJTRVVTQkVtNGwwbGlGT3NGRm91Ykk1b1FHbGJoQzZOR3ZDa0FVSkM3Tlg0bFRmR2R4TDFVcDF1QjNZJTJGaUpDOXRBMGxWczkxUTF4WHNEZ2VjVlpRSXJsYVVKMk5qWlhoN2lONVQlMkZwayUyQkxmV1MlMkY5SzhmaVV2MzloJTJCSUwmUmVsYXlTdGF0ZT1DMkFGQUFlRGxXRXdNVGhoT0dKbE1UazVNemxoWW1aaFkyVTRPREJsTW1NMk1URmpNemsyT1ElM0QlM0Q=</saml-request>
<prelogin-cookie/>
<saml-prelogin-portal>no</saml-prelogin-portal>
<saml-chrome-sso-support/>
<saml-default-browser>yes</saml-default-browser>
<saml-request-id>0</saml-request-id>
</response>

 

Date 27/1/22
(P15864-T16284)Debug(1416): 01/27/22 11:05:24:836 Wait too long in connecting, display still working...
(P15864-T16784)Debug(2212): 01/27/22 11:05:27:939
OnSamlCallback - portal saml acs callback proceesed.
(P15864-T16784)Debug(2215): 01/27/22 11:05:27:939 Acs : globalprotectcallback:PGh0bWw+PCEtLSA8c2FtbC1hdXRoLXN0YXR1cz4xPC9zYW1sLWF1dGgtc3RhdHVzPjxwcmVsb2dpbi1jb29raWU+aGRaN0NRbkZMUy9md0phVUlIcVBtV0llZ3d6RnRLL0VzSTMrU0dmZlZOcjMwbFdZT3pnRHhFaXh1Rm00anpGLzwvcHJlbG9naW4tY29va2llPjxzYW1sLXVzZXJuYW1lPkRhcnJlbi5DYXNzYW5vQGh1bnRpbmdkb25zaGlyZS5nb3YudWs8L3NhbWwtdXNlcm5hbWU+PHNhbWwtc2xvPnllczwvc2FtbC1zbG8+PHNhbWwtU2Vzc2lvbk5vdE9uT3JBZnRlcj48L3NhbWwtU2Vzc2lvbk5vdE9uT3JBZnRlcj4gLS0+PC9odG1sPg==.
(P15864-T16784)Info ( 863): 01/27/22 11:05:27:940 UI send saml username to update.
(P15864-T16784)Debug( 172): 01/27/22 11:05:27:940 CPanClientAuth::HandleNewCredential.
(P15864-T16784)Debug( 316): 01/27/22 11:05:27:940 CPanClientAuth::encryptPwd length 0.
(P15864-T16784)Dump ( 80): 01/27/22 11:05:27:940 Use shared translate
(P15864-T16784)Debug( 328): 01/27/22 11:05:27:940 CPanClientAuth::encryptPwd dwl 64.
(P15864-T16784)Debug( 331): 01/27/22 11:05:27:940 CPanClientAuth::encryptPwd - len 64 .
(P15864-T16784)Dump ( 80): 01/27/22 11:05:27:940 Use shared translate
(P15864-T16784)Debug( 363): 01/27/22 11:05:27:940 CPanClientAuth::encryptBackup - len 64 .
(P15864-T16784)Debug( 172): 01/27/22 11:05:27:942 CPanClientAuth::HandleNewCredential.
(P15864-T16784)Debug( 316): 01/27/22 11:05:27:942 CPanClientAuth::encryptPwd length 0.
(P15864-T16784)Dump ( 80): 01/27/22 11:05:27:942 Use shared translate
(P15864-T16784)Debug( 328): 01/27/22 11:05:27:942 CPanClientAuth::encryptPwd dwl 64.
(P15864-T16784)Debug( 331): 01/27/22 11:05:27:942 CPanClientAuth::encryptPwd - len 64 .
(P15864-T16784)Dump ( 80): 01/27/22 11:05:27:942 Use shared translate
(P15864-T16784)Debug( 363): 01/27/22 11:05:27:942 CPanClientAuth::encryptBackup - len 64 .
(P15864-T16784)Info ( 937): 01/27/22 11:05:27:942 UI send new gateway user info for non RSA user.
(P15864-T16784)Dump ( 110): 01/27/22 11:05:27:942 new command added to the queue at the back.
(P15864-T16784)Debug( 545): 01/27/22 11:05:27:942 CPanSAMLDlg::HandleSamlACSResponse - saml auth successful.
(P15864-T16372)Debug( 645): 01/27/22 11:05:27:950 Send command to Pan Service
(P15864-T16372)Debug( 660): 01/27/22 11:05:27:951 Command = <request><type>invalid-gateway-credential</type><user>Test-User</user><passwd>********</passwd><prelogin-cookie>hdZ7CQnFLS/fwJaUIHqPmWIegwzFtK/EsI3+SGffVNr30lWYOzgDxEixuFm4jzF/</prelogin-cookie><saml-username>Test-User</saml-username><saml-auth-status>1</saml-auth-status><saml-auth-error></saml-auth-error><gateway>Test-Portal</gateway><network-type>external</network-type><manual>no</manual></request>
(P15864-T16372)Debug( 725): 01/27/22 11:05:27:951 PanClient sent successful with 496 bytes
(P15864-T16284)Dump ( 76): 01/27/22 11:05:27:952 OnReceive error=0
(P15864-T16284)Dump ( 76): 01/27/22 11:05:27:954 OnReceive error=0
(P15864-T16284)Debug( 121): 01/27/22 11:05:27:954 Received data from Pan Service
(P15864-T16284)Debug( 608): 01/27/22 11:05:27:954 Current status is changed to 1.
(P15864-T16284)Debug( 174): 01/27/22 11:05:27:954 username field is not empty. not override the username.
(P15864-T16284)Debug( 203): 01/27/22 11:05:27:954 CPanBaseReceiver::HandleStatus - found discover-ready tag. value = n.
(P15864-T16284)Debug( 210): 01/27/22 11:05:27:954 CPanBaseReceiver::HandleStatus - found cdl-log tag. value = n.
(P15864-T16284)Debug( 274): 01/27/22 11:05:27:954 message type from the service = s
<?xml version="1.0" encoding="UTF-8"?>
<response>
<type>status</type>
<status>Disconnected</status>
<protocol/>
<portal-config-version>4100</portal-config-version>
<error-must-show/>
<error-must-show-level>error</error-must-show-level>
<error/>
<product-version>5.2.10-6</product-version>
<product-code>&quot;{D3983688-3ECE-46AA-957C-DC4897ADC354}&quot;</product-code>
<portal-status>Connected</portal-status>
<user-name>Test-User</user-name>
<username-type>saml</username-type>
<state>Discovering network...</state>
<check-version>no</check-version>
<portal>Test-Portal</portal>
<discover-ready>no</discover-ready>
<mdm-is-enabled>no</mdm-is-enabled>
<gateway-list name="gateway-list" type="external" user="Test-User">
<no-gateway>true</no-gateway>
<entry>
<gateway>Test-Portal</gateway>
<tunnel>no</tunnel>
<description>Test-Portal</description>
<pre-vpn-connect-error>_</pre-vpn-connect-error>
<priority>1</priority>
<internal>no</internal>
<authenticated>no</authenticated>
</entry>
</gateway-list>
<cdl-log>no</cdl-log>
</response>

(P15864-T16284)Debug( 231): 01/27/22 11:05:27:955 CPanParserWin::responseToUI() is called for status event.
(P15864-T16284)Debug( 393): 01/27/22 11:05:27:955 Receive gps message with type status.
(P15864-T16284)Debug( 325): 01/27/22 11:05:27:955 ===> response sent to GPI = <response><type>status</type><state>Discovering network...</state><error></error><disabled>no</disabled></response>
(P15864-T16284)Dump ( 76): 01/27/22 11:05:28:179 OnReceive error=0
(P15864-T16284)Debug( 121): 01/27/22 11:05:28:179 Received data from Pan Service
(P15864-T16284)Debug( 608): 01/27/22 11:05:28:179 Current status is changed to 1.
(P15864-T16284)Debug( 174): 01/27/22 11:05:28:179 username field is not empty. not override the username.
(P15864-T16284)Debug( 203): 01/27/22 11:05:28:179 CPanBaseReceiver::HandleStatus - found discover-ready tag. value = n.
(P15864-T16284)Debug( 210): 01/27/22 11:05:28:179 CPanBaseReceiver::HandleStatus - found cdl-log tag. value = n.
(P15864-T16284)Debug( 274): 01/27/22 11:05:28:179 message type from the service = s
<?xml version="1.0" encoding="UTF-8"?>
<response>
<type>status</type>
<status>Disconnected</status>
<protocol/>
<portal-config-version>4100</portal-config-version>
<error-must-show/>
<error-must-show-level>error</error-must-show-level>
<error/>
<product-version>5.2.10-6</product-version>
<product-code>&quot;{D3983688-3ECE-46AA-957C-DC4897ADC354}&quot;</product-code>
<portal-status>Connected</portal-status>
<user-name>Test-User</user-name>
<username-type>saml</username-type>
<state>Connecting...</state>
<check-version>no</check-version>
<portal>Test-Portal</portal>
<discover-ready>no</discover-ready>
<mdm-is-enabled>no</mdm-is-enabled>
<gateway-list name="gateway-list" type="external" user="Test-User">
<no-gateway>true</no-gateway>
<entry>
<gateway>Test-Portal</gateway>
<tunnel>no</tunnel>
<description>Test-Portal</description>
<allow-tunnel>yes</allow-tunnel>
<passwd-expire-days>-1</passwd-expire-days>
<priority>1</priority>
<internal>no</internal>
<authenticated>yes</authenticated>
</entry>
</gateway-list>
<cdl-log>no</cdl-log>
</response>

(P15864-T16284)Debug( 231): 01/27/22 11:05:28:179 CPanParserWin::responseToUI() is called for status event.
(P15864-T16284)Debug( 393): 01/27/22 11:05:28:179 Receive gps message with type status.
(P15864-T16284)Debug( 325): 01/27/22 11:05:28:179 ===> response sent to GPI = <response><type>status</type><state>Connecting...</state><error></error><disabled>no</disabled></response>
(P15864-T16284)Dump ( 76): 01/27/22 11:05:32:104 OnReceive error=0
(P15864-T16284)Debug( 121): 01/27/22 11:05:32:104 Received data from Pan Service
(P15864-T16284)Debug( 608): 01/27/22 11:05:32:104 Current status is changed to 3.
(P15864-T16284)Debug( 174): 01/27/22 11:05:32:105 username field is not empty. not override the username.
(P15864-T16284)Debug( 203): 01/27/22 11:05:32:105 CPanBaseReceiver::HandleStatus - found discover-ready tag. value = n.
(P15864-T16284)Debug( 210): 01/27/22 11:05:32:105 CPanBaseReceiver::HandleStatus - found cdl-log tag. value = n.
(P15864-T16284)Debug( 274): 01/27/22 11:05:32:105 message type from the service = s
<?xml version="1.0" encoding="UTF-8"?>
<response>
<type>status</type>
<status>Connected</status>
<protocol>IPSec</protocol>
<portal-config-version>4100</portal-config-version>
<error-must-show/>
<error-must-show-level>error</error-must-show-level>
<error/>
<uptime>0</uptime>
<byte-received>1219</byte-received>
<byte-sent>1636</byte-sent>
<packet-received>6</packet-received>
<packet-sent>21</packet-sent>
<incorrect-packet-received>0</incorrect-packet-received>
<incorrect-packet-sent>0</incorrect-packet-sent>
<server-ip>185.111.131.212</server-ip>
<local-ip>10.95.224.51</local-ip>
<local-ipv6/>
<connect-mode>0</connect-mode>
<product-version>5.2.10-6</product-version>
<product-code>&quot;{D3983688-3ECE-46AA-957C-DC4897ADC354}&quot;</product-code>
<portal-status>Connected</portal-status>
<user-name>Test-User</user-name>
<username-type>saml</username-type>
<state>Connected</state>
<check-version>no</check-version>
<portal>Test-Portal</portal>
<discover-ready>no</discover-ready>
<mdm-is-enabled>no</mdm-is-enabled>
<gateway-list name="gateway-list" type="external" user="Test-User">
<entry>
<gateway>Test-Portal</gateway>
<tunnel>yes</tunnel>
<description>Test-Portal</description>
<allow-tunnel>yes</allow-tunnel>
<passwd-expire-days>-1</passwd-expire-days>
<priority>1</priority>
<internal>no</internal>
<authenticated>yes</authenticated>
</entry>
</gateway-list>
<cdl-log>no</cdl-log>
</response>

(P15864-T16284)Debug( 231): 01/27/22 11:05:32:105 CPanParserWin::responseToUI() is called for status event.
(P15864-T16284)Debug( 393): 01/27/22 11:05:32:105 Receive gps message with type status.
(P15864-T16284)Debug( 88): 01/27/22 11:05:32:105 Client Auth got cleanup.
(P15864-T16284)Info (1578): 01/27/22 11:05:32:105 RSA Integration: Token service is already stopped.
(P15864-T16284)Debug( 325): 01/27/22 11:05:32:105 ===> response sent to GPI = <response><type>status</type><state>Connected</state><error></error><disabled>no</disabled></response>
(P15864-T16284)Debug( 274): 01/27/22 11:05:32:641 message type from the service = s
<?xml version="1.0" encoding="UTF-8"?>
<response>
<type>status</type>
<status>Connected</status>
<protocol>IPSec</protocol>
<portal-config-version>4100</portal-config-version>
<error-must-show/>
<error-must-show-level>error</error-must-show-level>
<error/>
<uptime>0</uptime>
<byte-received>33088</byte-received>
<byte-sent>6457</byte-sent>
<packet-received>60</packet-received>
<packet-sent>65</packet-sent>
<incorrect-packet-received>0</incorrect-packet-received>
<incorrect-packet-sent>0</incorrect-packet-sent>
<server-ip>185.111.131.212</server-ip>
<local-ip>10.95.224.51</local-ip>
<local-ipv6/>
<connect-mode>0</connect-mode>
<product-version>5.2.10-6</product-version>
<product-code>&quot;{D3983688-3ECE-46AA-957C-DC4897ADC354}&quot;</product-code>
<portal-status>Connected</portal-status>
<user-name>Test-User</user-name>
<username-type>saml</username-type>
<state>Connected</state>
<check-version>no</check-version>
<portal>Test-Portal</portal>
<discover-ready>yes</discover-ready>
<mdm-is-enabled>no</mdm-is-enabled>
<gateway-list name="gateway-list" type="external" user="Test-User">
<entry>
<gateway>Test-Portal</gateway>
<tunnel>yes</tunnel>
<description>Test-Portal</description>
<allow-tunnel>yes</allow-tunnel>
<passwd-expire-days>-1</passwd-expire-days>
<post-vpn-connect-error>_</post-vpn-connect-error>
<priority>1</priority>
<internal>no</internal>
<authenticated>yes</authenticated>
</entry>
</gateway-list>
<cdl-log>no</cdl-log>
</response>

(P15864-T16284)Debug( 231): 01/27/22 11:05:32:641 CPanParserWin::responseToUI() is called for status event.
(P15864-T16284)Debug( 393): 01/27/22 11:05:32:641 Receive gps message with type status.
(P15864-T16284)Debug( 88): 01/27/22 11:05:32:641 Client Auth got cleanup.
(P15864-T16284)Info (1578): 01/27/22 11:05:32:641 RSA Integration: Token service is already stopped.
(P15864-T16284)Debug( 325): 01/27/22 11:05:32:641 ===> response sent to GPI = <response><type>status</type><state>Connected</state><error></error><disabled>no</disabled></response>
(P15864-T16284)Debug(1438): 01/27/22 11:05:32:641 CSessionPage::CheckMessage, interface Test-Portal hip status changed
(P15864-T16284)Debug( 404): 01/27/22 11:05:32:641 Portal is connected.
(P15864-T16284)Debug( 624): 01/27/22 11:05:32:642 CPanBaseConfigMgr::AddPortal - portal Test-Portal is already in list.
(P15864-T16284)Dump ( 269): 01/27/22 11:05:32:642 Failed to get attribute value 'PreferredGateway'
(P15864-T16284)Dump ( 269): 01/27/22 11:05:32:642 Failed to get attribute value 'PreferredGatewayAddress'
(P15864-T16284)Debug( 624): 01/27/22 11:05:32:642 CPanBaseConfigMgr::AddPortal - portal gp-ca.3csharedservices.net is already in list.
(P15864-T16284)Dump ( 269): 01/27/22 11:05:32:642 Failed to get attribute value 'PreferredGateway'
(P15864-T16284)Dump ( 269): 01/27/22 11:05:32:642 Failed to get attribute value 'PreferredGatewayAddress'
(P15864-T16284)Debug( 624): 01/27/22 11:05:32:642 CPanBaseConfigMgr::AddPortal - portal Test-Portal is already in list.
(P15864-T16284)Debug(2130): 01/27/22 11:05:32:642 receive resize message from 1, and new height is 243.
(P15864-T16284)Dump (1403): 01/27/22 11:05:58:250 heart beat...

 

0 REPLIES 0
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!