04-24-2019 06:33 AM
Is there an API or any documentation on how to call the GlobalProtect "Refresh Connection" function from external code? I want to be able to call this function from custom external code. The reason why is to fix a connection issue we are having through automation since we don't want to have to ask users to manually click that option.
If no external API call is possible, is there a command-line option to call "Refresh Connection"?
Why isn't Global Protect smart enough to call Refresh Connection on its own when an always on VPN connection breaks? There should be a way to monitor public IP addresses for reachability and automatically refresh the connection if can't access the public IPs... Our AOVPN breaks frequently when machines go to sleep and wake up, screen is unlocked, etc.
04-24-2019 08:11 AM
Latest version. It has been an issue for us for years on every version and never found a resolution. Opened various tickets with PA, have one opened now.
The GP client needs to be smart enough to refresh the connection itself when it detects lack of network connectivty. I'm trying to write an app in C++ to get-netadapter -interfacedescription "PANGP*" | restart-netadapter via powershell create process call if a certain public IP address can't be reached, but I shouldn't be needing to go to this level. The client needs to have this bug fixed. GP needs to automatically repair itself when Windows wakes from sleep on AOVPN connections / etc.
04-24-2019 08:26 AM
I have 11 open cases about global protect right now 😛
One of them is about the issue you mentionned. Just wait a little longer...
04-24-2019 08:36 AM
I will post back here if we get a solution from Palo Alto, please do the same @Remo
This issue has been on going for years and not acceptable for the software to have such an obvious / easily fixable bug last so long. We shouldn't have to be writing our own code / hacks to fix Palo Alto's VPN client
04-26-2019 08:34 AM
--> Global Protect 5.0.2
10-18-2019 09:30 AM
Hello,
Just want to report that we're also seeing this issue and we're running GP version 5.0.4-16
This is not mentioned in any of the "known issues" documentation.
-Gerson
11-01-2019 02:48 PM
Hi @mtx-admin
What exactly is the problem you're seeing? In which situations does it happen exactly? Do you have an always-on config?
11-08-2019 10:43 AM
That's correct. We have always-on VPN. Whenever I or other users work remotely, very randomly some of our services will stop working (Outlook, Internet, etc.)
It's like the connection goes "stale" even though we're active on the system. Things come back online after we "Refresh Connection" in the VPN client.
We are on GlobalProtect 5.0.5
05-26-2021 11:06 AM
Did this ever get fixed - i have customer who has issues w/ the GP-client not transition the logged-in user from the Prelogon user to the logged-in-user by way of prelogon-always client settings.
05-26-2021 12:11 PM
Hi @JD-SECD
The requested solution in this topic probably isn't the solution for your situation. In the past I already hat some issues like yours and in most of the cases (not all) the issue was a configuration problem or then related to an issue with authentication profiles. Why don't you start a new topic where you describe your issue in detail and the used configuration and then maybe the community is able to help you.
07-17-2021 01:20 PM
Hi @beng
Which issue are you now talking about exactly? The transition from the pre-logon user to the actual user? If yes, then as I wrote 2 months ago, in most cases this is a configuration issue. I assume you use an always on configuration and then what authentication method you you use?
07-19-2021 11:12 PM
Hi @Remo , connect method is Pre-logon (Always On) and authentication method is Azure SAML, using GlobalProtect v5.2.7.
The issue I'm seeing is when a user loses internet, and then regains internet e.g. manually disconnect WiFi, and then connect WiFi.. The Global Protect auto attempt to reconnect continually, however fails with "Gateway <GW_NAME>: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect." The workaround is to manually hit the "Refresh Connection" button.
I've verified via Wireshark on my corporate laptop that there is no DNS resolution for vpn.<domain> upon those auto reconnects/failures, but there is DNS resolution for vpn.<domain> upon a manual "Refresh Connection".
I've logged a TAC case for this issue and will see how that goes... Out of curiosity, would you class this as expected behavior?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
