GlobalProtect Client is not Connecting

GlobalProtect Client is not Connecting

382924
Created On 09/25/18 20:40 PM - Last Modified 05/01/24 03:31 AM


Symptom


  • GlobalProtect client is not able to connect
  • PanGPA.log shows these errors:
    P 195-T519 Oct 09 18:02:17:24315 Info ( 83): Failed to connect to server at port:4767
    P 195-T519 Oct 09 18:02:17:24325 Info ( 460): Cannot connect to service, error: 61
    P 195-T519 Oct 09 18:02:17:24330 Debug( 742): Unable to connect to service

     


Environment


  • Pan-OS
  • Global Protect


Cause


This indicates a problem with the PanGPA service's connection to the PanGPS service on the same workstation.
 

Troubleshooting/Verification

The PanGPS service should be listening on localhost port 4767. To verify, run either of the following commands:

  • For Macs perform the following (Via Terminal):
netstat -an | grep 4767
tcp4 0 0 127.0.0.1.4767 *.* LISTEN

 

  • For Windows, perform the following (Via CLI):
netstat -an | find "4767"
TCP    127.0.0.1:4767         0.0.0.0:0              LISTENING


Resolution


Resolution

If there is no active listener on port 4767, the service didn't start properly. Refer to the PanGPS.log for more information as to why or investigate other custom OS changes that could cause conflict.

 

If there is a listener, try connecting to the port by using the telnet command: telnet 127.0.0.1:4767

If telnet is unsuccessful, check the local firewall for dropped traffic. The workstation's firewall can also be disabled temporarily for testing.

 

 



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clk6CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language