Issue passing traffic with Global Protect client 5.2.9 or later

cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
We are conducting regularly scheduled maintenance over the weekend, which could cause some downtime on LIVEcommunity. We apologize for any inconvenience.

Issue passing traffic with Global Protect client 5.2.9 or later

L0 Member

Hi,

 

We have having issues upgrading beyond global protect client 5.2.8. If we upgrade to 5.2.9/5.2.11/6.0.1 we have the following happen on our Windows 10 Enterprise x64 1909 or greater devices. The clients are configured for split tunnel.

 

1. The VPN connection is made and remains connected.

2. The connection gets a DHCP address.

3. Unable to ping any hosts by IP address and get the error message "generic network failure"

4. DNS resolution does not work.

5. The client is marking the virtual adapter as Public and not domain but firewall rules allow all required ports for NCSI probe, DNS, Kerberos etc.

 

Completely lost on what is going on and could do with some help please.

 

3 REPLIES 3

Cyber Elite
Cyber Elite

@Mike.Palmer,

Interesting, this is not an issue I've come across with any of my installations or validation testing. What happens if you make a test client configuration and don't split-tunnel the traffic, does that change behavior at all? If you take a PCAP on the endpoint do you see the traffic attempting to traverse the PanGP adapter? 

@BPry That is the next step in the investigation. What I don't say is we have attempted to install the application on several Windows 10 machines all built in the same way and have the same issue, apart from one of the network teams laptop which works :(.

 

I'll have a word this morning to see if they can get a test laptop and see what they get.

 

Regards

Mike

L4 Transporter

Not a whole lot of help... but we had basically the same symptoms with a Win10 client running 5.2.10, that had been working fine, upgraded to Win11. GP client would connect just fine, received its IP, set DNS servers, routing table correct, but it couldn't ping across the link or actually get DNS responses. It seemed to be something broken in the Windows network stack, that the GP client hooks to intercept/route traffic over the VPN were no longer working. Eventually gave up and uninstalled/reinstalled the GP client at which point everything worked fine again.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!