Unable to reach Palo Alto - Global Protect Portal.


L0 Member

Hey everyone,
I’m currently deploying a GlobalProtect VPN on a Palo Alto VM-Series firewall running PAN-OS 10.2.16-h4 in AWS.
Everything seems correctly configured according to the official GlobalProtect Admin Guide (portal, gateway, SSL/TLS certs, interfaces, routes, and security policies), but the portal is still unreachable via browser or Test-NetConnection on port 443.

Current setup:

  • Portal interface: ethernet1/1 — IP 16.54.17.200, zone untrust

  • Gateway interface: same (ethernet1/1)

  • Tunnel interface: tunnel.1 — zone corp-vpn

  • Mgmt profile: HTTPS enabled

  • Security rule: allows any from untrust → untrust (for testing)

  • Certificate: self-signed assigned to SSL/TLS profile used by both Portal and Gateway

  • Routing: default VR configured correctly

  • Processes running: sslvpn_ngx and sslmgr confirmed running

  • Ping to 8.8.8.8 works, but portal (https://16.54.17.200 or https://vpn.trustedgateway.org) doesn’t respond.

What I’ve already tried:

  • Restarted web-server, sslmgr, and management-server processes.

  • Recreated Portal/Gateway from scratch.

  • Verified NAT, Security, and Virtual Router configs.

  • Updated PAN-OS from 10.2.13-h4 → 10.2.16-h4 (still same issue).

Logs:

No active sessions on port 443.

"admin@PA-VM-CA> show session all filter destination 16.54.17.200 destination-port 443

No Active Sessions".

Question:

Has anyone faced a similar issue where the GlobalProtect portal won’t respond on HTTPS, even when the services and config look fine?

Could this be related to a PAN-OS bug or certificate binding issue?

Any suggestions or debug commands to trace portal traffic at process level would be appreciated.

Appreciate any help since I can't create a support ticket on Palo Alto!

1 REPLY 1

Cyber Elite

If you just run a continuous ping against your public IP, are you then seeing new sessions being created for ping? Could be your VPC hasn't been set up correctly, or your SG is blocking inbound connections?

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
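
The security-group check suggested in the reply, as an added example that is not part of the thread: it reads JSON in the shape returned by `aws ec2 describe-security-groups` and reports whether inbound ICMP echo and TCP 443 from a client address would reach the firewall's interface at all. The group ID, rules and client address are constructed, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group ID and rules are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}
  ]}]}
""")

ICMP_ECHO_REQUEST = 8  # ICMP rules store the type in FromPort (-1 = all types)

def inbound_allowed(groups, proto, port, client_ip):
    """Return True if any inbound rule admits proto/port from client_ip.

    Security groups are allow-only, so one matching rule is enough.
    Assumption: only IPv4 CIDR sources are evaluated; prefix lists and
    security-group references are ignored.
    """
    src = ipaddress.ip_address(client_ip)
    for group in groups["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            rule_proto = rule["IpProtocol"]
            if rule_proto not in ("-1", proto):  # "-1" = all protocols and ports
                continue
            if rule_proto == "icmp" and rule["FromPort"] not in (-1, port):
                continue
            if rule_proto in ("tcp", "udp") and not (
                    rule["FromPort"] <= port <= rule["ToPort"]):
                continue
            for rng in rule.get("IpRanges", []):
                if src in ipaddress.ip_network(rng["CidrIp"], strict=False):
                    return True
    return False

def diagnose(groups, client_ip):
    """Predict which inbound probes can create a session on the firewall."""
    return {
        "icmp_echo": inbound_allowed(groups, "icmp", ICMP_ECHO_REQUEST, client_ip),
        "tcp_443": inbound_allowed(groups, "tcp", 443, client_ip),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE, "198.51.100.7"))
```

With the constructed rules, ping is admitted but TCP 443 is not, which would match a firewall that shows no sessions for destination port 443.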