This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies. For details on cookie usage on our site, read our Privacy Policy
I am facing the same issue. We are currently running 8.1.9-h4. We have User-ID configured and first thing I did was to remove specified AD groups from policies to "Any". Also, under User Identification Networks include/exclude I have disabled those to eliminate that possibility. I have an on-going case open with support but it seems to be at a dead end since we are unable to re-create the issue on demand. When I check the logs on the firewall the username does not populate but it should still work as I changed to "Any". And it is just going straight to the Deny policy with a bunch of not-applicable or incomplete as the application. As if the tcp handshake can not be completed. It is as if the connection is stale. I am still connected to the GlobalProtect but I am not able to access any internal or external resources. Only solution is to disconnect and reconnect GlobalProtect connection. We are running full tunnel so I am wondering if it could be related to local ISP and Internet congestion issues. Anyways, just wanted to share my expericne. If I happened to find a solution I will be sure to update this feed. My next steps is to either update PAN-OS or try an updated GlobalProtect Client version. Please let me know if there is a solution to this issue.
... View more