Where are you going with these questions? Do you know of an issue that's affecting both MACs and PCs or a specific PAN-OS or hardware version? If so, please share them and I can decide if it's feasible for me. I haven't asked for troubleshooting advice but for similar symptoms and how there were handled. Obviously there was a ton of logs showing up prior to the disconnect messages but haven't shown any errors or failures. Right now I'm following on the HIP report processing which is the most likely cause of the issues.
... View more
Hello, Has anyone else have issues with random GP disconnections since recently (May/June/July 2021) on GP version 5.0.x and 5.2.x ? It started around one month ago throughout the whole company and we weren't able to figure out what's going on till now. There is no preceding events logged in the GP debug or dump level trace that would point to an application crash or network failure. The same goes for the event viewer logs. At a random point in time the agent sends a disconnect message to the GP service which start the disconnection process GPA log: (P11804-T8112)Debug( 611): 06/04/21 17:24:21:666 Send command to Pan Service
(P11804-T8112)Debug( 639): 06/04/21 17:24:21:666 Command = <request><type>disconnect</type></request> GPS log: (P9244-T9712)Info ( 502): 06/04/21 17:24:21:666 msgtype = disconnect
(P9244-T9712)Debug(2062): 06/04/21 17:24:21:666 ----Tunnel User Diconnecting starts---- debug_drv.log file: (P9244-T10636)06/04/21 17:24:21:140[Info 450]: Set debug level as 4
(P9244-T9712)06/04/21 17:24:21:776[Debug 573]: Restore IPv4 strong host model for interface 18
(P9244-T9712)06/04/21 17:24:21:776[Info 291]: Unregister ends.
(P9244-T9712)06/04/21 17:24:21:777[Info 260]: ----Driver Control is being stopped
(P9244-T9712)06/04/21 17:24:21:778[Info 411]: Send thread stops.
(P9244-T9712)06/04/21 17:24:21:778[Debug 1368]: Disable adapter be called.
(P9244-T9712)06/04/21 17:24:21:783[Info 1147]: enum devevice ROOT\PANGPD\0000.
(P9244-T9712)06/04/21 17:24:21:783[Info 1166]: DevNode Status 0x180200b, Problem 0x0.
(P9244-T9712)06/04/21 17:24:21:877[Debug 557]: Set adapter ctrl code 0x2 success.
(P9244-T9712)06/04/21 17:24:21:877[Debug 1235]: Disable Adapter success.
(P9244-T9712)06/04/21 17:24:21:883[Info 1147]: enum devevice ROOT\PANGPD\0000.
(P9244-T9712)06/04/21 17:24:21:883[Info 1166]: DevNode Status 0x1802401, Problem 0x16.
(P9244-T9712)06/04/21 17:24:21:883[Debug 1376]: after disable adapter, get adapter status 0x1802401
(P9244-T9712)06/04/21 17:24:21:883[Debug 1400]: Disable adapter end.
I started seeing the "DevNode Status 0x1802401, Problem 0x16." log in the driver debug file around the same time the issues started happening, but I'm not sure (yet) if it's the cause or result of the disconnect. As far as I'm concerned these messages are related to Platform Power Management , so I'm following up on disabling the Power Save and Green Energy Efficiency modes on the NICs. The disconnects happen on both wired and wireless connections. We have a TAC case opened for this but haven't heard back from them. If anyone had issues like this recently, I'd appreciate your time to share your findings. Thanks!
... View more
There are most likely intermittent network issues. In my case there was a loop at the ISP network which lead to packets reaching their TTL value. The tunnel drops happened around the same time when the client received an "ICMP time-to-live exceeded" packet. I recommend looking on the wire (i.e. with wireshark) on the physical interface (not the virtual GP adapter). As a quick workaround you could block incoming ICMP TTL exceeded packets either on the router level or local firewall or increase the IP TTL value in the registry (Windows 10 defaults to 128) should the packet capture reveal that this is actually the case.
... View more