This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About kkolk
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About kkolk
09-07-2021
4Posts
1Like
0Solutions
Sep 07, 2021Last Visited
User
Activity
User
Profile
Latest posts by kkolk
| Subject | Views | Posted |
|---|---|---|
| 2195 | 10-04-2012 11:07 AM | |
| 2569 | 10-04-2012 08:38 AM | |
| 2957 | 04-21-2011 07:16 AM | |
| 3050 | 04-18-2011 10:25 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 10-04-2012 08:38 AM |
User Badges
Community Statistics
| Member Since | 04-01-2011 09:49 AM |
| Date Last Visited | 09-07-2021 04:19 PM |
| Posts | 4 |
| Total Likes Received | 1 |
10-04-2012
11:07 AM
That doesn't really address the issue, when it's configured for the default (SSO - YES, On Demand - NO) a client connecting under that configuration gets a configuration error on the Palo Alto and a "Portal Error" on the client.
... View more
10-04-2012
08:38 AM
1 Kudo
I am having a problem with my GlobalConnect configuration. Everything works fine when I have it set to On Demand. However, I have a set of users I want to effectively have the VPN always on, so for them I've created a second configuration but when a user in this group connects I get the following error in my System Log: GlobalProtect portal client configuration failed. Login from: MyIpAddress, User name: MyUser. Here is the portion of my configuration related to the GlobalProtect Portal, the only difference between the two configurations is the toggling of OnDemand from On to Off:
<global-protect-portal>
<entry name="Standard VPN Portal">
<portal-config>
<local-address>
<ip>#.#.#.#/26</ip>
<interface>ethernet1/1</interface>
</local-address>
<authentication-profile>Standard VPN Users</authentication-profile>
<server-certificate>STAR10_company_com</server-certificate>
</portal-config>
<client-config>
<configs>
<entry name="Always On">
<hip-collection>
<max-wait-time>20</max-wait-time>
</hip-collection>
<gateways>
<external>
<list>
<entry name="#.#.#.#">
<priority>1</priority>
</entry>
</list>
</external>
<cutoff-time>0</cutoff-time>
</gateways>
<source-user>
<member>us10\remote access always on</member>
</source-user>
<agent-ui>
<welcome-page>
<display>no</display>
</welcome-page>
<agent-user-override>with-comment</agent-user-override>
<enable-advanced-view>yes</enable-advanced-view>
<can-save-password>yes</can-save-password>
<agent-user-override-timeout>0</agent-user-override-timeout>
<max-agent-user-overrides>0</max-agent-user-overrides>
</agent-ui>
<agent-config>
<client-upgrade>transparent</client-upgrade>
<rediscover-network>yes</rediscover-network>
<resubmit-host-info>yes</resubmit-host-info>
</agent-config>
<internal-host-detection>
<ip-address>#.#.#.#</ip-address>
<hostname>wdc01.company.local</hostname>
</internal-host-detection>
<use-sso>yes</use-sso>
<on-demand>no</on-demand>
</entry>
<entry name="On Demand">
<hip-collection>
<max-wait-time>20</max-wait-time>
</hip-collection>
<gateways>
<external>
<list>
<entry name="#.#.#.#">
<priority>1</priority>
</entry>
</list>
</external>
<cutoff-time>0</cutoff-time>
</gateways>
<source-user>
<member>us10\remote access full</member>
<member>us10\remote access standard</member>
</source-user>
<agent-ui>
<welcome-page>
<display>no</display>
</welcome-page>
<agent-user-override>with-comment</agent-user-override>
<enable-advanced-view>yes</enable-advanced-view>
<can-save-password>yes</can-save-password>
<agent-user-override-timeout>0</agent-user-override-timeout>
<max-agent-user-overrides>0</max-agent-user-overrides>
</agent-ui>
<agent-config>
<client-upgrade>transparent</client-upgrade>
<rediscover-network>yes</rediscover-network>
<resubmit-host-info>yes</resubmit-host-info>
</agent-config>
<internal-host-detection>
<ip-address>10.#.#.#</ip-address>
<hostname>wdc01.company.local</hostname>
</internal-host-detection>
<use-sso>yes</use-sso>
<on-demand>yes</on-demand>
</entry>
</configs>
<agent-user-override-key>-AQ==9EIX</agent-user-override-key>
<client-certificate>Standard VPN Client</client-certificate>
</client-config>
</entry>
</global-protect-portal>
Is there a reason why switching to On Demand to No should generate a configuration error? It's not due to having two separate groups, if I set OnDemand to Yes on the broken group it immediately starts working....
... View more
Labels:
- Labels:
-
Configuration
-
Troubleshooting
04-21-2011
07:16 AM
I was in Windows 7 w/ Firefox 4.0. So the issue shows up in more then one browser. That said I did several commits today and didn't get the error once.
... View more
04-18-2011
10:25 AM
I've upgraded ours to 4.0.2 and the only issue I've had so far is that when you do a commit or a similar function at the end of the ajax call rather then success often you get an AJAX error. At which point if you close that window and click anywhere in the web GUI you get booted back to login. If you login again you'll then see that you have two sessions open. The old broken one and a new one.
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks