Strange errors with Globalprotect and PANOS 10.2.3-h2

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Strange errors with Globalprotect and PANOS 10.2.3-h2

L1 Bithead

Hello everyone,

 

We have two strange errors with Globalprotect (v. 5.2.11) since the update to PANOS 10.2.3-h2:
- For internal connections (via tunnel) the connection fails with the event gateway-hip-check with the message "Invalid tunnel end point IP address".
- The external portal is suddenly no longer accessible via https but pingable via the IP and domain.

 

Therefore no clients are connecting anymore.

 

We have already tried to upgrade to PANOS 10.2.3-h4 but it does not show any improvement. Also all deamons are in status running.

Does anyone have another idea? Paloalto support is always relatively slow unfortunately.

 

Regards

Sven

1 accepted solution

Accepted Solutions

L1 Bithead

Is apparently a problem with the upgrade. After a downgrade everything ran normally again. We now wait until the next release and try again.

View solution in original post

5 REPLIES 5

L1 Bithead

As a workaround for the disrupted internal connections, we resolved the internal tunnel. Now all clients connect internally via "Internal connection" directly to the systems instead of via a tunnel.

Externally, however, we do not yet have a workaround, let alone a solution.

L1 Bithead

Is apparently a problem with the upgrade. After a downgrade everything ran normally again. We now wait until the next release and try again.

Hey,

i an runninng into a similar issue were some of the users keeps on getting disconnected randomly. how did you manage to solve it? which version did you went back to? 

Hi,

we have a PA-460 active-passive cluster and had upgrade from version 10.1.8 to 10.2.3-h2. The version was also recommended by Paloalto at that time.

We then went back to version 10.1.8 and are currently still running on that. We will try another upgrade to a higher version soon.

@AmmarBahasan 

 

We ran into Same issue yesterday while on PAN OS 10.2.4-h4 we need to downgrade to 10.0.11-h1 to fix the issue.

During that time only few users were able to connect.

 

Hope this helps1

 

Regards

MP

Help the community: Like helpful comments and mark solutions.
  • 1 accepted solution
  • 3431 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!