GlobalProtect VPN SSL - disconnect

cancel
Showing results for 
Search instead for 
Did you mean: 

GlobalProtect VPN SSL - disconnect

L2 Linker

Hello,

 

I have a customer that many of his VPN SSL clients are disconnected many times during the day. In the GP logs (pan_gp_event.log) I can found : "Tunnel is down due to socket closed"

 

PAN-OS 9.0.7

GP Agent : 5.0.8

 

Before updating the agent or switching to IPsec, Is there a VPN SSL "mode"  BUG in that specific OS/Agent version ?   

5 REPLIES 5

L7 Applicator

are these users on cable or wifi,

I only ask as we had a similar issue with the same socket closed error but it was OK when the user connected to their router via a cable,  we installed a different wifi interface driver and this resolved the issue.

 

there was a pointer to this failure in the windows event log, perhaps look there for some other clues.

 

 

 

There are on "wired" network, not WIFI. I will try a GP agent update to see if its better.  

Ok but this may still be a nic driver issue. I would still check the windows event log.

L1 Bithead

Do you have HIP Checks enabled? If you do and are not using them, un-check the "collect HIP data" on the portal settings. As this, even with Always on, enacts the inactivity timer configured under that gateway. We encountered a similar constant drop in connection when leveraging SSL, disabling HIP collection corrected it. Seems like the expected behaviors do not always function as expected.  

We also facing same problem and HIP check is mandatory since we proving access only if HIP matched, is it a bug or any solution available ?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!