Global protect upgrade to 6.2.0-89 having disconnection issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global protect upgrade to 6.2.0-89 having disconnection issue

L2 Linker

I want ask if anyone face issue with below error after upgrading global protect to 6.2.0-89?

 

"The network connection is unreachable, or the gateway is unresponsive. Check the network connection and reconnect"

Before upgrade it works fine and no any changes. I can see logs in PanGPS as below:

 

(P6048-T4788)Debug( 149): 08/18/23 07:54:44:675 CPD, pan_http_captive_portal_detection: status is 200
(P6048-T4788)Debug( 162): 08/18/23 07:54:44:675 CPD, pan_http_captive_portal_detection() - captive portal isn't detected against server.
(P6048-T4788)Debug(5408): 08/18/23 07:54:44:675 CPD, index=0, iRet=-1, lastError=0
(P6048-T4788)Debug(5426): 08/18/23 07:54:44:675 CPD, CaptivePortalDetectionThread: captive portal is not detected for CP server. iStatus = 200
(P6048-T4788)Debug( 564): 08/18/23 07:54:44:685 Network is reachable
(P6048-T4788)Debug( 149): 08/18/23 07:54:45:115 CPD, pan_http_captive_portal_detection: status is 204
(P6048-T4788)Debug( 155): 08/18/23 07:54:45:115 CPD, no matching string
(P6048-T4788)Debug(5408): 08/18/23 07:54:45:115 CPD, index=1, iRet=-1, lastError=-1
(P6048-T4788)Debug(5426): 08/18/23 07:54:45:115 CPD, CaptivePortalDetectionThread: captive portal is not detected for CP server. iStatus = 204
(P6048-T4788)Debug( 564): 08/18/23 07:54:45:121 Network is reachable
(P6048-T4788)Debug( 149): 08/18/23 07:54:45:264 CPD, pan_http_captive_portal_detection: status is 200
(P6048-T4788)Debug( 162): 08/18/23 07:54:45:264 CPD, pan_http_captive_portal_detection() - captive portal isn't detected against server.
(P6048-T4788)Debug(5408): 08/18/23 07:54:45:264 CPD, index=2, iRet=-1, lastError=-1
(P6048-T4788)Debug(5426): 08/18/23 07:54:45:264 CPD, CaptivePortalDetectionThread: captive portal is not detected for CP server. iStatus = 200
(P6048-T4788)Debug(5611): 08/18/23 07:54:45:264 CaptivePortalDetectionThread: Didn't detect captive portal currently, and bCaptivePortalDetectedOnce=(0).
(P6048-T4788)Debug(5490): 08/18/23 07:54:45:264 CaptivePortalDetectionThread: wait (-1 ms) for captive portal detection event.
(P6048-T2808)Debug( 104): 08/18/23 07:54:47:607 connect failed with 5 seconds timeout.
(P6048-T2808)Debug( 626): 08/18/23 07:54:47:607 Failed to connect to 45.60.x.x on 443 with return value -1 and socket error 0(0)
(P6048-T2808)Debug( 863): 08/18/23 07:54:47:607 do_tcp_connect() failed
(P6048-T2808)Error(11538): 08/18/23 07:54:47:607 ConnectSSL: Failed to connect to '45.60.x.x:443'. Disconnect ssl.
(P6048-T2808)Debug(11551): 08/18/23 07:54:47:607 Cannot get server cert of 45.60.x.x
(P6048-T2808)Debug(6239): 08/18/23 07:54:47:607 Already tried both ipv4 and ipv6 for gateway remote.midwestern.nsw.gov.au
(P6048-T2808)Debug(6250): 08/18/23 07:54:47:607 pretunnel latency (manual gateway) is 1
(P6048-T2808)Error(3540): 08/18/23 07:54:47:607 Failed to connect to gateway remote.midwestern.nsw.gov.au.
(P6048-T2808)Debug(5603): 08/18/23 07:54:47:607 Show Gateway MWRC_Ext_Gateway: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.
(P6048-T9008)Debug(2530): 08/18/23 07:54:47:607 Setting debug level to 5
(P6048-T2808)Info (2644): 08/18/23 07:54:47:607 Failed to retrieve info for gateway remote.midwestern.nsw.gov.au.
(P6048-T2808)Debug(2655): 08/18/23 07:54:47:607 tunnel to remote.midwestern.nsw.gov.au is not created.
(P6048-T2808)Error(6123): 08/18/23 07:54:47:607 NetworkDiscoverThread: failed to discover external network.
(P6048-T2808)Debug(7159): 08/18/23 07:54:47:607 --Set state to Disconnected
(P6048-T2808)Debug(6187): 08/18/23 07:54:47:607 NetworkDiscoverThread: PortalStatus is 2, HasLoggedOnGateway is 0
(P6048-T10188)Debug(6752): 08/18/23 07:54:47:607 NetworkConnectionMonitorThread: m_state = 0, m_bOnDemand=1, m_bAgentEnabled=1, m_bJustResumed is 0,
m_bHibernate is 0, m_bAgentEnabled is 1, m_bDisconnect is 0, IsConnected() is 0, IsVPNInRetry() is 0.
(P6048-T10188)Debug(5930): 08/18/23 07:54:47:607 No need to check gateway route since no tunnel.
(P6048-T10188)Debug(6787): 08/18/23 07:54:47:607 NetworkConnectionMonitorThread: Detected route change, but skip network discovery.
(P6048-T2808)Debug(6189): 08/18/23 07:54:47:607 NetworkDiscoverThread: ((PORTAL_CACHED_CONFIG == m_nPortalStatus) && !m_bHasLoggedOnGateway)
(P6048-T2808)Debug(6210): 08/18/23 07:54:47:607 Network discovery is not ready, set GP VPN status as disconnected
(P6048-T2808)Debug(11650): 08/18/23 07:54:47:607 SetVpnStatus called with new status=0, Previous Status=0
(P6048-T2808)Debug(4356): 08/18/23 07:54:47:607 UpdatePrelogonStateForSSO() - tunnel state = Disconnected
(P6048-T2808)Debug(6288): 08/18/23 07:54:52:613 NetworkDiscoverThread: Network discover is not successful. Retry.
(P6048-T2808)Info (6306): 08/18/23 07:54:52:613 OnDemand mode, skip retry network discovery.
(P6048-T2808)Debug(5734): 08/18/23 07:54:52:613 NetworkDiscoverThread: wait for network discover event.
(P6048-T2176)Debug( 540): 08/18/23 07:54:52:898 WscCallback
(P6048-T2176)Debug( 542): 08/18/23 07:54:52:898 SetWscEvent
(P6048-T11232)Debug( 139): 08/18/23 07:54:54:002 Got hip report in other process ready event.
(P6048-T11232)Debug( 158): 08/18/23 07:54:54:002 Read output from PanGpHip.exe
(P6048-T11232)Debug( 195): 08/18/23 07:54:54:002 write hip file now
(P6048-T11232)Debug( 213): 08/18/23 07:54:54:002 CheckHipInOtherProcess() sets hip report ready event.
(P6048-T11232)Debug( 135): 08/18/23 07:54:54:002 Wait for the ready event of hip report generated in other process.
(P6048-T3440)Debug(6386): 08/18/23 07:54:54:002 HipReportThread: got HIP report ready event.
(P6048-T3440)Debug(6402): 08/18/23 07:54:54:002 HipReportThread: wait for network discover ready event.

 

 

5 REPLIES 5

L2 Linker

It looks like a connectivity issue from the logs and can be due to multiple reasons , if the issue still persists raise a TAC case. In. the meantime rollback to the previous version and verify if you can connect, it will isolate the problem and will prove that the issue is indeed with the agent.
Also I guess you would have tried, was the portal accessible via browser during the issue?

L4 Transporter

any update? im having the same issue. It seems like any issue with 6.2 

L2 Linker

I have seen this issue as well, also some users on this version reported agent is stuck in connecting, I rolled back the users to 6.1.2 and didn't hear any issue on the version, also 6.2.1 is available as well, you can test it too

I open TAC case and TAC ask to increase timeout value from 30 to 60

 

# set deviceconfig setting global-protect timeout ? (Default value is 30)
<value> <3-150> timeout in seconds for global-protect gateways
# set deviceconfig setting global-protect timeout 60
#commit

LizaRajjab - Did this setting change resolve the issue for your users? We are currently running 6.2.0 and experiencing similar issues upon the initial login attempt. Typically, a "Refresh Connection" allows the user to connect without issue, however we would like to prevent this issue from happening in the first place if possible. We are also looking to upgrade to a newer version but are not ready to push that out to our users.

  • 3020 Views
  • 5 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!