GlobalProtect VPN SSL - disconnect

Reply
L2 Linker

GlobalProtect VPN SSL - disconnect

Hello,

 

I have a customer that many of his VPN SSL clients are disconnected many times during the day. In the GP logs (pan_gp_event.log) I can found : "Tunnel is down due to socket closed"

 

PAN-OS 9.0.7

GP Agent : 5.0.8

 

Before updating the agent or switching to IPsec, Is there a VPN SSL "mode"  BUG in that specific OS/Agent version ?   

L7 Applicator

are these users on cable or wifi,

I only ask as we had a similar issue with the same socket closed error but it was OK when the user connected to their router via a cable,  we installed a different wifi interface driver and this resolved the issue.

 

there was a pointer to this failure in the windows event log, perhaps look there for some other clues.

 

 

 

L2 Linker

There are on "wired" network, not WIFI. I will try a GP agent update to see if its better.  

L7 Applicator

Ok but this may still be a nic driver issue. I would still check the windows event log.

L1 Bithead

Do you have HIP Checks enabled? If you do and are not using them, un-check the "collect HIP data" on the portal settings. As this, even with Always on, enacts the inactivity timer configured under that gateway. We encountered a similar constant drop in connection when leveraging SSL, disabling HIP collection corrected it. Seems like the expected behaviors do not always function as expected.  

L0 Member

We also facing same problem and HIP check is mandatory since we proving access only if HIP matched, is it a bug or any solution available ?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!