GlobalProtect - Client cert not present

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect - Client cert not present

This past week we have experienced this issue where users are unable to connect to GlobalProtect. This is happening at random and on multiple firewalls with version 9.1.11-h3, GlobalProtect client version is: 5.2.3

 

Looking at the logs this is what it shows under Monitor -> GlobalProtect

 

bernardohernandez_0-1643416673233.png

 

Strangely enough, the certificate IS installed on the client. The client certificate is valid as well as the root CA's.

 

Any pointers will be greatly appreciated.

 

 

 

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

This weekend I had issues with 9.1.12. For both Global protect and site to site tunnels. Once I went to 10.0.x, finally 10.0.8 everything was working as expected.

Regards,

Cyber Elite
Cyber Elite

I've ran into this on a few different occasions throughout various PAN-OS releases and restarting the sslvpn-web-server process fixed the issue. Just know that this will momentary disrupt GlobalProtect, so generally speaking a failover would be preferred under an Active/Passive scenario in some situations. 

 

Also just as a reminder, 5.2.3 is kind of dated at this point. I would recommend validating a newer agent build and rolling it out. There's quite a few issues that have been addressed since 5.2.3 that you wouldn't have. 

L1 Bithead

Hello 

 

I'm pretty sure that you're having this problem because of bug PAN-163030. Let's check it out on the release notes of 9.1.x or 10.0.x. I've recreated this problem and the Workaround was restart the sslvpn-web-server process. This is fixed on 10.0.9 but I haven't upgraded to that version yet. 

  • 7002 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!