03-21-2022 08:06 AM
We have multipe clients in Mexico and Dubai that are having issues with the GP client (5.2.9-35) connecting. I have a ticket opened but figured I woudl post as well.
03-21-2022 08:23 AM
What error message are they actually receiving on the agent? Have you looked at the PanGPS logs to verify what the service logs are actually saying? Do you have any restrictions on your portals/gateways that would limit the client from connecting from Mexico or Dubai?
03-21-2022 08:32 AM
Thanks for the reply BP. I am trying to get all that data you reference now. So far we only have that they cannot connect. I have not even thought about any restrictions. I will look into that.
03-21-2022 08:55 AM
Hi there, you may get pangps log according to this step
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaLCAS
then you should be able to narrow down the issue if it's due to network issues , certificates, gateway issues
you can paste the error here so we can understand more detailed about the issue that you're experiencing
04-07-2022 01:20 PM
Thanks for the feedback. I was finally able to get some logging data from the GP client and a response from the Engineer. We are only seeing this in one region. We have a US region that is working but a Canadian region that is not. Logging data below.
(P5432-T4436)Debug(5850): 04/06/22 10:21:27:177 NetworkDiscoverThread: network type is external.
(P5432-T4436)Debug(5936): 04/06/22 10:21:27:177 NetworkDiscoverThread: Discover external network.
(P5432-T4436)Debug( 528): 04/06/22 10:21:27:177 Discover external gateway: gateway count is 3, cutoff time is 5, bJustResumed=0
(P5432-T4436)Debug( 679): 04/06/22 10:21:27:178 gateway 0 of canada-west-dentons.gpo5yo5sjo5j.gw.gpcloudservice.com is manual select only, will not be in rediscover list
(P5432-T4436)Debug( 679): 04/06/22 10:21:27:178 gateway 1 of canada-central-dentons.gpo5yo5sjo5j.gw.gpcloudservice.com is manual select only, will not be in rediscover list
(P5432-T4436)Debug( 679): 04/06/22 10:21:27:178 gateway 2 of canada-east-dentons.gpo5yo5sjo5j.gw.gpcloudservice.com is manual select only, will not be in rediscover list
(P5432-T4436)Debug( 714): 04/06/22 10:21:27:178 There is no gateway suitable to discovery
(P5432-T4436)Error(6044): 04/06/22 10:21:27:178 NetworkDiscoverThread: failed to discover external network.
(P5432-T4436)Debug(6068): 04/06/22 10:21:27:178 Network discovery failed, set error as The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.
(P5432-T4436)Debug(7064): 04/06/22 10:21:27:178 --Set state to Disconnected
04-07-2022 02:58 PM
try GP 5.2.11 is a good version
04-07-2022 03:01 PM
Also you need to add Mexico and Dubai into your GP gateway so they can connect.
04-07-2022 03:28 PM
I need to review the doc on fixes to that version. Maybe that's an issue. We were thinking that as well but waiting to hear back from PA on the log review. That has been a challenge at this point.
04-07-2022 03:30 PM
That's what we have been trying to identify from PA. Are we missing a GEO setting somewhere that may be blocking as we have US clients that have no issues so I don't think its the GP client config.
04-07-2022 03:33 PM
Also I recommend to do Wireshark captures on the PANGP interface and the wire\wifi Interface too
04-07-2022 03:34 PM
do Dumps from GP with Wiresharks
04-07-2022 03:36 PM
Our regions are set to any.
04-07-2022 03:38 PM
That is a challenge, Asking our clients to do that. I was hoping the GP logs would direct us towards a fix.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
