Difference Between Reconnect to GW” and "Refresh GW Config" in LSVPN"

Details

When a GlobalProtect Satellite establishes a connection to a GlobalProtect gateway, users have the option to manually make the GlobalProtect Satellite refresh the GlobalProtect gateway config or reconnect to the GlobalProtect gateway.

Reconnect to gateway:

From the WebGUI: In order to make the GlobalProtect Satellite reconnect to the GlobalProtect gateway, go to Network > IPSec Tunnels > GlobalProtect Satellite. Click on "Gateway Info" and check the gateway config and click "Reconnect to GW" as shown below:

From the CLI:

Use the following CLI command to make the GlobalProtect Satellite reconnect to the GlobalProtect gateway:

> test global-protect-satellite gateway-reconnect satellite GP-Satellite 
gateway-address 10.66.24.94 method activation

Please use "show global-protect-satellite current-gateway gateway 10.66.24.94 
satellite GP-Satellite" to check gateway info

> show global-protect-satellite current-gateway gateway 10.66.24.94 satellite 
GP-Satellite GlobalProtect Satellite : GP-Satellite (1 gateways)
Gateway Info: 10.66.24.94
Get Config State:
Refresh Time (seconds)          : 7200
Failed Refresh Time (seconds)    : 300
Current Get Config              : success
Max Get Config Retries          : 34
Number Get Config Failed        : 0
Config Timer Activated          : yes
Next Get Config Time (seconds)  : 7162
Cached Get Config Time (seconds) : 0
Failed Reason                    :

Portal Config:
GlobalProtect Gateway Name      : Gateway-FW-94
GlobalProtect Gateway Address    : 10.66.24.94
Priority                        : 1

Gateway Config:
Gateway Tunnel Name              : GP-Gateway-S
Gateway Tunnel Interface        : tunnel.6
Gateway Tunnel id                : 9
Gateway Tunnel IP                : 7.7.7.1
Gateway Additional Tunnel IPs    :
Status                          : Active
Status Time                      : Jan.19 21:12:03
Reason                          : Tunnel monitoring up

Config Refresh Time (hours)      : 2
IP Address                      : 172.17.1.1
Default Gateway                  : 7.7.7.1
Netmask                          : 255.255.255.255
Access Routes                    : 192.168.94.0/24
Denied Routes                    :
Duplicate Routes                :
DNS Servers                      :
DNS Suffixes                    :
Tunnel Monitor Enabled          : Yes
Tunnel Monitor Interval          : 3 seconds
Tunnel Monitor Action            : wait-recover
Tunnel Monitor Threshold        : 5 attempts
Tunnel Monitor Source            : 172.17.1.1
Tunnel Monitor Destination      : 7.7.7.1
Tunnel Monitor Status            : Up

Note: Users can also manually trigger the GlobalProtect Satellite to disconnect or initially connect to the GlobalProtect gateway using the following CLI command:

> test global-protect-satellite gateway-
> gateway-connect      Trigger GlobalProtect satellite connects to gateways
> gateway-disconnect  Trigger GlobalProtect satellite disconnects from gateways
> gateway-reconnect    Trigger GlobalProtect satellite reconnects to gateways

Refresh the gateway config:

From the WebGUI: In order to make the GlobalProtect Satellite retrieve any config changes made to the GlobalProtect gateway, go to Network > IPSec Tunnels > GlobalProtect Satellite. Click on "Gateway Info" and check the gateway config and click "Refresh GW Config", as shown below:

From the CLI:

Use the following CLI command to refresh the gateway config:

> request global-protect-satellite get-gateway-config gateway-address 10.66.24.94 
satellite GP-Satellite

Please use command "show global-protect-satellite current-gateway gateway 
10.66.24.94 satellite GP-Satellite" to display gateway connection status

Note: Usually GlobalProtect Satellites refresh the gateway configuration for the hour value configured in the GlobalProtect Gateway Satellite config as shown below. The default value is 1 hour and maximum value is 48 hours.

owner: gchandrasekaran