07-13-2023 07:20 PM
Hi All,
Needing your assistance. Our GP users on our VPN BC-OKI will get disconnected at least once or twice the whole day. I check the ISP interfaces and HA and IP Sec tunnels all are up. Currently i'm connected on BC OKI now and I'm a newbie on Palo alto.
The setup of our net work is our Okinawa site has 2 ISP's and it has a IP SEC tunnels going to YOK site. All the servers and apps are accesible through Yokohama site because it has SDWAN while our OKI Doesn't have. So I check the HA,IP SEC , ISP interfaces all are up. I check the logs-system on our OKI firewall and I see this message please see attached screen shot. the DENDC DNS is our backup DATA center while the SAC DNS is our main data center. On our OKI firewall the Secondary NTP server address is the DNS address of our SAC data center. The primary tunnel on YOK going to OKI is still down because the Primary ISP still has issues. While the secondary tunnel is up. I check the error logs on Global protect and I see a lot of DNS errors. Seems that there is a problem on loadsharing when traffic traverse to SEC IP SEC tunnel. Will this get fix if the Primary ISP is up as well as the primary Tunnel?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
