01-23-2026 08:32 AM
we had an internet outage at out data center this last monday. it dropped all users off VPN. the users are trained that if they cant connect to production VPN to try the DR site VPN. only about 1/3 of the users were able to connect to the DRVPN. the rest got a message "The network connection is unreachable or the portal is unresponsive. Check the network connection and reconnect"
I am always skeptical of any error message that says its the network, as that seems to be the default error from MS. And if 1/3 of the users were able to connect, then its not the network at the head end. What does this error message really mean?
the DR site VPN is running the same PANOS, all users are running the same version of GP, and all users are running Win11. The configuration of the production and dr VPN are as identical as possible ( given variances for IP addressing ).
We do run a DR test once a year (usually in May). VPN is tested at that point by about 1/3 of the users, and there was no issue at the time. and with the 1/3 of users during the DR test and the 1/3 who could connect monday - some are the same but most are different. Almost all of our IT dept could not connect monday, but do connect during dr testing.
01-23-2026 08:40 AM
Does the DR site have the exact same configuration and is it the same series? Have you checked the PanGPS logs of someone who can't connect to actually see what error the service itself is providing, that's where you'll get detailed information from the client side of things.
01-23-2026 08:49 AM
same series, same configuration (except ip addressing). I was out of the office when this happened, so i couldnt troubleshoot at the time. unfortunately the logs have rolled off now. the attached "connection failed" screenshot is all i have. but the same message is attached to a dozen vpn problem tickets .
01-23-2026 08:53 AM
The local client PanGPS logs have all already rolled? If that's actually the case, I don't think you're going to have enough to further troubleshoot this properly. The agent itself is rather generalized when it comes to connection issues, but PanGPS.log includes actual details about where the process is failing. Not having that you're stuck with just the DR firewall GlobalProtect logs, but I would assume that those have already been checked and found to not be an issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
