Possible Root Cause of an User Complaining of being disconnected from Global Protect on Prisma SaaS/SASE /CASB (Software As A Service/Secure Access Service Edge/Cloud Access Security Broker)
- EndUser
- Time Period issue occured
- Collect the GP logs at the same time from the machine
- Are the Version of Agent Global Protect
- User location, Local Internet Access Issue?
- Password Change Activity reciently?
- Prisma
- Gateway -Performance /CPU/Memory/
- Auto Scaling?
- Any updated or configuration Changes?
- LDAP Authentication Sync
- Issue with Service Connections back to On-Prem?
- Reporting
- ADAM - Notification not configured for individual user
- SCM with ADAM
- Ai Canvas - Report
On the end user’s machine, we performed ping, traceroute, and NS lookup tests both while connected to Global Protect and without Global Protect, and all outputs were normal
or testing purposes, we requested that Global Protect be disconnected and asked you to replicate the issue; however, the site is still not working.
Probable Root Cause:
1. Failed to find PANGP virtual adapter interface
2. The tunnel is down due to disconnection
> The tunnel might be getting down due to keep-alive messages. Confirm PAN_Gps logs for the given timestamp in GP logs.
> Based on the above error "Failed to find PANGP virtual adapter interface", Follow the steps on one of the machines to mitigate the issue:
- Disable WMI services : run - services.msc - Windows Management Instrumentation(WMI) - stop the service.
- Delete the files under C:\Windows\System32\wbem\Repository
- Open regedit Go to HKEY_LOCAL_MACHINE > Software and HKEY_CURRENT_USER > Software. Delete the Palo Alto Networks folder.
- Delete the same if the same folder is present in any other user under HKEY_USERS.
- Uninstall GlobalProtect from Windows 'program and features'.
- Make sure that the virtual adapter in not present in the Network adapter settings.
- Reboot the machine.
- Reinstall GlobalProtect with admin privileges.
- Confirm that WMI service is running.
For more details, kindly have a look at the document:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5eCAC
> For the error "Tunnel is down due to disconnection", please have a look at the document to collect the logs exactly at the time of the issue.
- How to troubleshoot when Global protect gateway tunnel get disconnected due to" keep-alive timeout": https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPgZCAW
- Also, collect the GP logs at the same time from the machine: https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-apps/deploy-the-globalprotect-app-software/view-and-collect-globalprotect-logs
Resources
LIVEcommunity:
https://live.paloaltonetworks.com
Web Portal:
https://support.paloaltonetworks.com
Technical Support:
https://www.paloaltonetworks.com/company/contact-support
https://live.paloaltonetworks.com
Web Portal:
https://support.paloaltonetworks.com
Technical Support:
https://www.paloaltonetworks.com/company/contact-support
No comments:
Post a Comment