This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About pan219
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About pan219
25Posts
6Likes
1Solution
Last Visited
User
Activity
User
Profile
Latest posts by pan219
| Subject | Views | Posted |
|---|---|---|
| 2182 | 12-12-2022 02:52 AM | |
| 695 | 11-09-2022 08:40 AM | |
| 897 | 10-31-2022 02:27 AM | |
| 738 | 10-23-2022 11:50 PM | |
| 1488 | 10-12-2022 02:13 AM | |
| 1908 | 01-25-2022 01:32 AM | |
| 1989 | 01-18-2022 12:06 PM | |
| 4127 | 09-25-2019 12:12 AM | |
| 4128 | 09-24-2019 11:21 PM | |
| 5125 | 09-24-2019 09:32 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 11-09-2022 08:40 AM | |
| 1 Like | 10-31-2022 02:27 AM | |
| 1 Like | 10-12-2022 02:13 AM | |
| 2 Likes | 09-25-2019 12:12 AM | |
| 1 Like | 02-13-2019 12:55 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 01-04-2019 08:21 AM |
| Date Last Visited | |
| Posts | 25 |
| Total Likes Received | 6 |
12-12-2022
02:52 AM
is it a pa-220 by any chance? we (at least another person I have direct contact with) has issues since updating to 10.2.3 and GP connections failing. I see the same error messages in gp logs, coming from mobile devices. https://live.paloaltonetworks.com/t5/general-topics/globalprotect-ios-stuck/td-p/487381
... View more
11-09-2022
08:40 AM
1 Kudo
have you seen any progress in resolving this issue? (im Sinne der der anderen Forenteilnehmer verzichte ich auf die deutsche Sprache)
... View more
10-31-2022
02:27 AM
1 Kudo
Sadly, it is not fixed in 10.2.3 as I am running into this issue every few days also (PA220, 10.2.3) Besides this unfixed issue they introduced another showstopper-bug which makes it impossible to connect to GP with local user accounts on the palo using iOS - downgrading to 10.2.2.-h2 does not fix this mess.
... View more
10-23-2022
11:50 PM
nope, no news. I am waiting for the next update, as downgrading to a previous versions did not solve it. Someone at reddit mentioned that this bug is under ID 191216 from PAN.
... View more
10-12-2022
02:13 AM
1 Kudo
Having the same issue like @itfromgermany after upgrading PAN220 to 10.2.3 from 10.2.2-h2 Prior to the upgrade iOS 16.0.x clients were able to connect successful via GP App 6.0.2-0 to portal and then establishing an IPSec connection. Using local authentication on the fw, no SAML. iOS Clients can connect to the portal and successfully authenticate on the pan but forwarding to the gateway results in an continuous loop (seen in the gp logs: successful auth, then followed by a gateway-register / gateway-logout loop in a 1sec inverall; in iOS app it's just stuck at "Connecting"
Tried to downgrade- unsuccessful
Fiddled with the configuration in any possible way - unsuccessful
... View more
01-25-2022
01:32 AM
some more clarification: - I have limited the source address: x.x.x.x/x - the loopback ip is an address object in the format x.x.x.x without the /32 - gateway and portal sitting on the loopback interface - in gateway configuration - agents - tunnel settings: tunnel mode and ipsec is enabled
... View more
01-18-2022
12:06 PM
Hi Supergonzo, after some fiddling and trial an error I found the solution. Initially I also tried the fqdn workaround you mentioned above, also no success. The breakthrough: Instead of using an address object limited to the assigned WAN IP I have created an address object with the ip range 0.0.0.0/0 which is used in any rules (NAT as well as Security Policy). That's the only change I have made to the original setup. Lo and behold, this configuration works flawlessly since 2 years.
... View more
09-25-2019
12:12 AM
2 Kudos
wow..I really think I found the solution to this weird problem. it is reproducible (for me at least). It somehow is related to the address object being named 0.0.0.0 with netwmask 0.0.0.0/0 which caused this issue even though it wasn't used anywhere in relation to where the problem occurred. I use the address object at 3 locations: - hairpin nat rule ntp - hairpin nat rule dns - global protect gateway split tunnel access route inclusion I had already created a new address object on the journey of troubleshooting and replaced it in the two nat rules which was no success. I now have gone the same route but this time replaced the object also in the global protect gateway split tunnel access route inclusion and the problem disappeared. Object name 0.0.0.0 (network range 0.0.0.0/0) caused the problems if it is placed in split tunnel inclusions Object name ALL (network range 0.0.0.0/0) works as expected. so the problem is related to the name which is pretty weird. NO PROBLEM WEIRD PROBLEM
... View more
09-24-2019
11:21 PM
The rule name being blanked out is the exact same rule which blocks the traffic in the log which makes no sense at all. It really must be some weird bug I am experiencing (not the first time since I am always running the newest version on this lab device with multiple configuration changes frequently...) The problem always appears when address objects are involved, be it in security policy or decryption policy. Ticket is open with TAC since 5 days now I'll keep you posted on this as the sudden nature of this issue really can freak one out running in production environment. I wouldn't have noticed it this fast if it wasn't for the first security policy rule which blocks all traffic based on membership of an dynamic address group which at the time the FW was blocking everything has contained 0 members but it blocked all traffic.
... View more
09-24-2019
09:32 AM
Sadly it won't work with PA- I had it working in the past but suddenly it stopped working. I do not remember from which version of 8.x it stopped working but I really tried absolutely everything to solve it without any luck. It is not related to DNS as far as I can tell since I have not used my providers DNS servers from the beginning and have DNS requests to any external server u-turned to my internal servers.
... View more
09-24-2019
02:09 AM
Since about 4 days I am experiencing a critical problem in relation to policy rules with address objects and suspect an update to address/region objects has caused this mess as I am experiencing this issue with: - manually added address objects - predefined country regions - dynamic address groups (based on tags- even if the address group is empty it is treated by the FW as if every host is in the group, like 0.0.0.0/0) Those rules have been working flawlessly for months. I am running 9.0.3-h3 on this lab device and already have a opened a support case. The following pictures describe the problem best. The only change I have made was creating an address object (yet unused) named 0.0.0.0/0 with the same network range which should not cause the problem at all, except if there is a unknown bug... I already have confirmed via CLI that it is not a problem with the web gui (contents of address objects, region etc.). I also recreated affected rules which does not solve the problem. After those exceptions I have set a catch-all rule for decryption of any other traffic. Problem is, traffic does not make to the catch-all since the rule erroneously catches everything when address objects are assigned.
... View more
02-17-2019
12:28 PM
The problem with EDLs failing to refresh also still exists. I had set up a certificate profile for each additional edl I use. With 8.1.6 it works flawless, with 9.0 I cannot get it to work with an certificate profile attached. I have set it to none for the EDLs to refresh. I receive different error messages, ranging from ocsp cannot be queried to failed to refresh, using local copy.
... View more
02-17-2019
09:35 AM
I just have given it another try becuase of the dns service and bulletproof hosters edl. Wildfire issues still seems to exist, I'll keep an eye on it. THis time I noticed another thing- all my custom URL Filtering Lists have been reset to allow all! Might be worth checking yours aswell.
... View more
02-17-2019
12:06 AM
I have rolled back to 8.1.6 as I was not able to get this solved, but as long as I have been on 9.0 those error have been prevalent.
... View more
02-13-2019
12:55 PM
1 Kudo
for my home network it's the "production device", so make or break 🙂 but I never would roll out any updates to a corporate device this fast.
... View more
Contact Me
Likes From
| User | Likes Count |
|---|---|
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks