Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

GlobalProtect SSL error

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect SSL error

L0 Member
(P19520-T11728)Dump (1338): 02/09/22 16:16:12:010 SSL_connect: initialization
(P19520-T11728)Dump (1338): 02/09/22 16:16:12:010 SSL_connect: write client hello A
(P19520-T11728)Dump (1355): 02/09/22 16:16:12:059 SSL_connect:error in SSLv2/v3 read server hello A
(P19520-T11728)Debug( 324): 02/09/22 16:16:12:059 SSL connect failed
(P19520-T11728)Debug(  60): 02/09/22 16:16:12:059 detailed SSL error info:
(P19520-T11728)Debug( 801): 02/09/22 16:16:12:059 connect() failed
(P19520-T11728)Dump ( 822): 02/09/22 16:16:12:059 Disconnect tcp socket 

Hello,

Please can someone help me with this GlobalProtect error. The logs don't seem to show any detailed SSL error information. It is blank. I can let you know what I have tried, bearing in mind this is a test portal + gateway, we have a production portal + gateway on the same PA-5220 that works perfectly fine.

  • Both GP and GW certs have been reissued just in-case
  • Tried 3 different GP clients (5.0.5, 5.2.5 and 5.2.10).

What else can I do to help with the troubleshooting process.

Please and thank you

G.

2 REPLIES 2

Cyber Elite
Cyber Elite

@thetechknowg,

Looks like GlobalProtects logging is cutting off the error number that would/should be getting returned. I would use openssl to validate that you can complete the handshake properly from the same client outside of the Globalprotect Agent. My guess is that this isn't really a Globalprotect Agent issue and you'll see the same handshake failure in your openssl test. 

L0 Member

Thanks BPry, I'll see if we can get this test in place.

  • 2624 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!