Saucepan

User Tools

Site Tools

Trace: multi_vsys misc pan_configurator multicast fips sfp threat-logs azure aws_transit_gateway
paloaltonetworks:troubleshooting:global_protect

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
paloaltonetworks:troubleshooting:global_protect [2020/05/29 09:05] – created bstaffordpaloaltonetworks:troubleshooting:global_protect [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 4: Line 4:
   * PanGP Agent logs are for the GlobalProtect UI program   * PanGP Agent logs are for the GlobalProtect UI program
   * PanGP Service logs are for the GlobalProtect service/daemon program. Use this one.   * PanGP Service logs are for the GlobalProtect service/daemon program. Use this one.
 +
 +===== PanGP Service Logs =====
 +
 +**Sections of Service Logs**
 +  * ''----portal processing starts----''
 +    * Portal portal.example.local, user user, logonDomain DOMAIN, saved user user, path C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\
 +    * Portal's ipv4 address 10.1.1.1
 +    * CaptivePortalDetectionThread: wait (2000 ms) for captive portal detection event.
 +  * ''----Portal Pre-login starts----''
 +  * ''----Portal Login starts----''
 +  * ''----Network Discover starts----''
 +    * ''--Set state to Discovering network...''
 +      * Process gateway: host gw.example.local, description gw.example.local
 +      * Gateway gw.example.local ipv4 address is 10.1.1.1
 +      * Gateway gw.example.local: ipv4 10.1.1.1, ipv6 , FQDN yes
 +      * Set network discover in progress
 +      * No ipv6 internal host detection.
 +      * IP 10.1.1.254 
 +      * host ihd.example.local 
 +      * DnsQuery returns 0
 +      * Resolved 254.1.1.10.in-addr.arpa for internal host detection with return value 0
 +      *The host name is ihd.example.local 
 +    * ''--Set state to Discovery complete''
 +
 +===== Users Connecting with SSL =====
 +Get a log file dump from the endpoint GlobalProtect and open the ''PanGPS.log'' file.
 +
 +Look for the following to explain why SSL is being used 
 +<code>Debug( 463): Network is reachable
 +Info ( 174): Connected to: 1.2.3.4[4501], Sending keep alive to ipsec socket...
 +Info ( 217): failed to receive keep alive
 +Debug( 226): Disconnect udp socket 
 +Info ( 307): Connecting to 1.2.3.4 failed
 +Info ( 226): Start vpn do_connect() failed
 +Debug( 281): do_disconnect is called in VPN stop
 +Debug( 485): ipsec failed to start</code>
 +
 +
 +===== Check Endpoint CLient is Running =====
 +For Macs perform the following (Via Terminal):
 +<code>netstat -an | grep 4767</code>
 +For Windows, perform the following (Via CLI):
 +<code>netstat -an | find "4767"</code>
 +
  
  
paloaltonetworks/troubleshooting/global_protect.1590743111.txt.gz · Last modified: (external edit)