GlobalProtect is stuck on connecting - macos Big Sur

cancel
Showing results for 
Search instead for 
Did you mean: 

GlobalProtect is stuck on connecting - macos Big Sur

L1 Bithead

Hello,

 

im using global protect version 4.1.8-2 on macos Big Sur. After update on Big Sur i have problems with using global protect...when i want to connect global protect is always stucking on "Connnecting...".

 

I read a lot on google and i assume problem in my case could be because i dont use last version of global protect, but i dont know how to update it to last version? I downloaded .pkg from my vpn.as.si but when i install it i get 4.1.8-2 version and there is no update or i dont know how to do it.


I would be very happy if someone can help me with this

 

ty

2 ACCEPTED SOLUTIONS

Accepted Solutions

Cyber Elite
Cyber Elite

@MBCL88,

Contact your IT department. They can either upgrade the agent bundle (which they should, that's seriously outdated at this point) or provide you a newer release which they can download from the support portal. 

View solution in original post

@MBCL88,

On the GUI:

1) Go to the Device tab

2) Go to the GlobalProtect Client on the bottom left

3) This is where you can download and activate any of the available agent bundles.

 

On the CLI:

request global-protect-client software check 
# This will refresh the agent list

request global-protect-client software download version <version>
# Initiates a job to download the new agent bundle. Just follow the job and wait for it to complete.

request global-protect-client software activate version <version>
# Initiates the activate process and "installs" the selected version.

 

Keep in mind if running in an HA pair or if you have multiple gateways you'll want to have the same agent bundle on all of them. You can jump directly from any agent bundle to the next, there's no intermediate upgrades or anything like that. 

View solution in original post

9 REPLIES 9

Cyber Elite
Cyber Elite

@MBCL88,

Contact your IT department. They can either upgrade the agent bundle (which they should, that's seriously outdated at this point) or provide you a newer release which they can download from the support portal. 

View solution in original post

is there some tutorial how to do it? i have direct access, but i dont see there any button or something where i can update agent bundle etc?

@MBCL88,

On the GUI:

1) Go to the Device tab

2) Go to the GlobalProtect Client on the bottom left

3) This is where you can download and activate any of the available agent bundles.

 

On the CLI:

request global-protect-client software check 
# This will refresh the agent list

request global-protect-client software download version <version>
# Initiates a job to download the new agent bundle. Just follow the job and wait for it to complete.

request global-protect-client software activate version <version>
# Initiates the activate process and "installs" the selected version.

 

Keep in mind if running in an HA pair or if you have multiple gateways you'll want to have the same agent bundle on all of them. You can jump directly from any agent bundle to the next, there's no intermediate upgrades or anything like that. 

View solution in original post

Thank you very much...i downloaded today version 5.2.3-22 and now everythink works

Hi @BPry,

I had GP ver 4.1.13 working well on macOS Catalina. As the @MBCL88 said, I've downloaded and installed ver 5.2.3-22 following updating to macOS Big Sur and it still doesn't work. I get "Gateway GlobalProtect GW IP: Could not connect to the GlobalProtect gateway. Please contact your IT administrator". Just to make sure, I use the correct portal IP and user name and password.

Thank you all for your help, Barak.

@barakb,

Just to be clear, the upgrade did fix OPs issue as evident in their last update following the upgrade to 5.2.3. Because you transitioned from a broken 4.1.13 image and did an upgrade to 5.2.3, the first thing I'd have you try is to do a clean install of GlobalProtect 5.2.3 (Uninstall your existing installation completely, then re-install the 5.2.3 package). If that doesn't fix your issue let me know. 

Hi again @BPry 

Unfortunately uninstalling and reinstalling didn't work

@barakb,

So two things to check:

1) Look at the PanGPS.log file and see what it's actually stating as far as the gateway connection. It could be that it can't validate something on the actual gateway, that it simply can't reach the gateway, or something similar. The logs are stored at /Library/Logs/PaloAltoNetworks/GlobalProtect/. 

2) Be mindful of the recent SSL lifetime changes Apple has put into place. Your lifetime is capped at 398 days effective September 1st on new certificates and the way that Apple severs the connection makes it appear to GlobalProtect that the connection can't be established, not specifically that the certificate is invalid. 

Community Team Member

Just wanted to let everyone know that if they are having any GlobalProtect issues, and need to troubleshoot the issue, our Very own @kiwi has written a great blog all about troubleshooting GlobalProtect.

Be sure to check it out here: 
https://live.paloaltonetworks.com/t5/blogs/dotw-globalprotect-troubleshooting-tips/ba-p/383911

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items!
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!