GlobalProtect on Mac does not retry after network connection unreachable.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect on Mac does not retry after network connection unreachable.

L1 Bithead

We are deploying Prisma Access on both mac and windows computers.

 

On the Mac computers, when the computer boots and the network is not initialized yet, we get the error:

 

"The network connection is unreachable or the portal is unresponsive. Check the network connection and reconnect."

 

Which is understandable. The issue is when the computer does connect to the network, the VPN client does not try again to connect to the portal automatically.

 

We have configured

 

Automatic Restoration of VPN Connection Timeout (min) to 0

and

Wait Time Between VPN Connection Restore Attempts (sec) to 25.

and

Portal Connection Timeout (sec) to 600

 

What am I doing wrong here?

3 REPLIES 3

L2 Linker

Hello @N.Nicolaides 

What is the connect method you have deployed to your macOS devices? Is it on-demand or user-logon (always-on) or pre-logon? 

Hello,

 

This is always-on.

 

L2 Linker

@N.Nicolaides 

Which globalprotect version are you running on macOS? If you are running GP 6.0, can you please make sure you are running 6.0.7 which is currently the preferred release. If you are already running this GP version or if you are running any of the preferred releases for GP and you are still encountering this issue. I would suggest increasing the timeout value for "TCP Connection Timeout (sec)". Maybe increase it to 15 or 20 seconds as a starter and see if that gives the network enough time to be connect. 

 

The settings below are specifically for the VPN tunnel (after connecting to the gateway and then the tunnel goes down for some reason, these settings are related to restoring the tunnel) 

  • Automatic Restoration of VPN Connection Timeout (min) to 0
  • Wait Time Between VPN Connection Restore Attempts (sec) to 25

 

In always on, the connection should recover as soon as the network is detected as reachable. If you want to further pursue this, I would suggest opening up a TAC case. 

 

  • 803 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!