====== Troubleshooting GlobalProtect ======
===== Client Logs =====
* PanGP Agent logs are for the GlobalProtect UI program
* PanGP Service logs are for the GlobalProtect service/daemon program. Use this one.
===== PanGP Service Logs =====
**Sections of Service Logs**
* ''----portal processing starts----''
* Portal portal.example.local, user user, logonDomain DOMAIN, saved user user, path C:\Users\user\AppData\Local\Palo Alto Networks\GlobalProtect\
* Portal's ipv4 address 10.1.1.1
* CaptivePortalDetectionThread: wait (2000 ms) for captive portal detection event.
* ''----Portal Pre-login starts----''
* ''----Portal Login starts----''
* ''----Network Discover starts----''
* ''--Set state to Discovering network...''
* Process gateway: host gw.example.local, description gw.example.local
* Gateway gw.example.local ipv4 address is 10.1.1.1
* Gateway gw.example.local: ipv4 10.1.1.1, ipv6 , FQDN yes
* Set network discover in progress
* No ipv6 internal host detection.
* IP 10.1.1.254
* host ihd.example.local
* DnsQuery returns 0
* Resolved 254.1.1.10.in-addr.arpa for internal host detection with return value 0
*The host name is ihd.example.local
* ''--Set state to Discovery complete''
===== Users Connecting with SSL =====
Get a log file dump from the endpoint GlobalProtect and open the ''PanGPS.log'' file.
Look for the following to explain why SSL is being used
Debug( 463): Network is reachable
Info ( 174): Connected to: 1.2.3.4[4501], Sending keep alive to ipsec socket...
Info ( 217): failed to receive keep alive
Debug( 226): Disconnect udp socket
Info ( 307): Connecting to 1.2.3.4 failed
Info ( 226): Start vpn do_connect() failed
Debug( 281): do_disconnect is called in VPN stop
Debug( 485): ipsec failed to start
===== Check Endpoint CLient is Running =====
For Macs perform the following (Via Terminal):
netstat -an | grep 4767
For Windows, perform the following (Via CLI):
netstat -an | find "4767"