05-03-2022 02:13 PM
I have been having an issue over 2022 in that some users when logging on remotely via Prisma cant connect. I have tracked it down and it seems to be a fairly new windows widget in windows10 where a weather and location widget loads.
To get around it i had to create a prelogon rule to allow access to external internet services, the logon works as expected. We think we have narrowed it down to the following urls -
It looks like the windows 10 build tries to connect to these resources before the full tunnel is built.
Just curious but has anyone else seen this issue and know why this widget would cause the pre-tunnel to fail
05-07-2022 04:01 AM
I would suggest to open a TAC case to check the PanGPS logs on the global protect to see why the connection fails. Even when the windows needs to connect to these URL's, it should not stop GP from connecting. Unless for some reason, the OS or any other app is blocking the PanGPS process from connecting in first place.
05-09-2022 12:38 AM
Also you may try "Before Logon" to see if there is the same issue https://docs.paloaltonetworks.com/globalprotect/5-2/globalprotect-app-new-features/new-features-rele... . Also what is your version of the globalprotect agent as better be on the latest to know that is not an issue that is solved.
05-09-2022 12:52 AM - edited 05-21-2022 02:11 AM
Pre-logon is a connect method that establishes a VPN tunnel before a user logs in. The purpose of pre-logon is to authenticate the endpoint (not the user) and enable domain scripts or other tasks to run as soon as the endpoint powers on. myfiosgateway.com
05-09-2022 01:51 PM
Hello, I opened a TAC case with Palo but am not getting any results. They say based on your findings, the PanGPS/PanPGS process are not the cause of the crash rather they are the victims of the crash. They have asked me to perform Windows level investigations first as this issue behaviour include Windows taskbar freeze, WiFi modifications but this does not help me resolve why the Prisma clients cannot connect remotely. If i turn off Global Protect on the users laptop they can connect no problem to the Corporate Network. Its only over Prisma the user has a problem connecting
any advice is welcome
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!