This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Who Me Too'd this topic

GlobalProtect Issue on PA-3020 9.1.17

Marlo_Perez
L1 Bithead

‎01-10-2024 09:15 PM

Hello everyone,

 

I'd want to seek your guidance on a matter that we're now dealing with. So, last year, around the third week of December, we upgraded the firmware of PA-3020 from 9.1.15 to 9.1.17 as per the advisory of Palo Alto. So far, no issues have been reported following the upgrade, but after a while we have discovered an issue regarding on GlobalProtect (currently on 6.1.0) where some of our users are having difficulties connecting.

 

The error displayed is 'Your GlobalProtect session has been disconnected due to network connectivity issues or session timeouts.' This problem occurs after the user has successfully connected; however, after a few seconds, the error appears. To establish a connection, we need to disconnect and reconnect multiple times—approximately 5-10 times—before successfully connecting and gaining access to our system. Please refer to the image below for a sample of the error.

 

Marlo_Perez_0-1704948532651.png

 

After that, we looked for knowledge base articles about this issue and came across this one. It advises us to upgrade to a different GlobalProtect version other than 6.1.x, so we attempted updating to 6.2.0 and 6.2.2, but encountered more issues. As a result, we reverted back to 6.1.0.

 

We tried various methods, such as uploading the techsupport file to Palo Alto's AutoAssistant Tool, and discovered some information about firewall configuration that attracted my eye. It is about High Resource Utilization. Please see the image below.

 

Marlo_Perez_2-1704949007599.png

 

As stated on the image, this may cause for the new connection requests to fail and the existing once to encounter slowness when accessing the web. So, in order to resolve this issue, we will be trying to use this KB to lower the usage from 94 to 90. We will be performing this later. So for the meantime, I have come across this LIVEcommunity post that is experiencing the same issue, the solution they have done is to rollback from their old version of PAN-OS. Our concern being, we cannot revert back to the old PAN-OS version because of PAN-OS Root Certificate Advisory provided above.

 

May I know if this is a known issue/bug for PAN-OS 9.1.17 on PA-3000 Series?

 

 

Thanks and Best Regards,

Marlo

2 people had this problem.
0 Likes Likes
Who Me Too'd this topic
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks