GlobalProtect is stuck on connecting - macos Big Sur

Reply
L1 Bithead

GlobalProtect is stuck on connecting - macos Big Sur

Hello,

 

im using global protect version 4.1.8-2 on macos Big Sur. After update on Big Sur i have problems with using global protect...when i want to connect global protect is always stucking on "Connnecting...".

 

I read a lot on google and i assume problem in my case could be because i dont use last version of global protect, but i dont know how to update it to last version? I downloaded .pkg from my vpn.as.si but when i install it i get 4.1.8-2 version and there is no update or i dont know how to do it.


I would be very happy if someone can help me with this

 

ty


Accepted Solutions
Cyber Elite

@MBCL88,

Contact your IT department. They can either upgrade the agent bundle (which they should, that's seriously outdated at this point) or provide you a newer release which they can download from the support portal. 

View solution in original post

Cyber Elite

@MBCL88,

On the GUI:

1) Go to the Device tab

2) Go to the GlobalProtect Client on the bottom left

3) This is where you can download and activate any of the available agent bundles.

 

On the CLI:

request global-protect-client software check 
# This will refresh the agent list

request global-protect-client software download version <version>
# Initiates a job to download the new agent bundle. Just follow the job and wait for it to complete.

request global-protect-client software activate version <version>
# Initiates the activate process and "installs" the selected version.

 

Keep in mind if running in an HA pair or if you have multiple gateways you'll want to have the same agent bundle on all of them. You can jump directly from any agent bundle to the next, there's no intermediate upgrades or anything like that. 

View solution in original post


All Replies
Cyber Elite

@MBCL88,

Contact your IT department. They can either upgrade the agent bundle (which they should, that's seriously outdated at this point) or provide you a newer release which they can download from the support portal. 

View solution in original post

L1 Bithead

is there some tutorial how to do it? i have direct access, but i dont see there any button or something where i can update agent bundle etc?

Cyber Elite

@MBCL88,

On the GUI:

1) Go to the Device tab

2) Go to the GlobalProtect Client on the bottom left

3) This is where you can download and activate any of the available agent bundles.

 

On the CLI:

request global-protect-client software check 
# This will refresh the agent list

request global-protect-client software download version <version>
# Initiates a job to download the new agent bundle. Just follow the job and wait for it to complete.

request global-protect-client software activate version <version>
# Initiates the activate process and "installs" the selected version.

 

Keep in mind if running in an HA pair or if you have multiple gateways you'll want to have the same agent bundle on all of them. You can jump directly from any agent bundle to the next, there's no intermediate upgrades or anything like that. 

View solution in original post

L1 Bithead

Thank you very much...i downloaded today version 5.2.3-22 and now everythink works

L0 Member

Hi @BPry,

I had GP ver 4.1.13 working well on macOS Catalina. As the @MBCL88 said, I've downloaded and installed ver 5.2.3-22 following updating to macOS Big Sur and it still doesn't work. I get "Gateway GlobalProtect GW IP: Could not connect to the GlobalProtect gateway. Please contact your IT administrator". Just to make sure, I use the correct portal IP and user name and password.

Thank you all for your help, Barak.

Cyber Elite

@barakb,

Just to be clear, the upgrade did fix OPs issue as evident in their last update following the upgrade to 5.2.3. Because you transitioned from a broken 4.1.13 image and did an upgrade to 5.2.3, the first thing I'd have you try is to do a clean install of GlobalProtect 5.2.3 (Uninstall your existing installation completely, then re-install the 5.2.3 package). If that doesn't fix your issue let me know. 

L0 Member

Hi again @BPry 

Unfortunately uninstalling and reinstalling didn't work

Cyber Elite

@barakb,

So two things to check:

1) Look at the PanGPS.log file and see what it's actually stating as far as the gateway connection. It could be that it can't validate something on the actual gateway, that it simply can't reach the gateway, or something similar. The logs are stored at /Library/Logs/PaloAltoNetworks/GlobalProtect/. 

2) Be mindful of the recent SSL lifetime changes Apple has put into place. Your lifetime is capped at 398 days effective September 1st on new certificates and the way that Apple severs the connection makes it appear to GlobalProtect that the connection can't be established, not specifically that the certificate is invalid. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!