Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Difference Between Reconnect to GW” and "Refresh GW Config" in LSVPN"

Difference Between Reconnect to GW” and "Refresh GW Config" in LSVPN"

21348
Created On 09/26/18 13:50 PM - Last Modified 06/09/23 08:52 AM


Resolution


Details

When a GlobalProtect Satellite establishes a connection to a GlobalProtect gateway, users have the option to manually make the GlobalProtect Satellite refresh the GlobalProtect gateway config or reconnect to the GlobalProtect gateway.

 

Reconnect to gateway:

From the WebGUI: In order to make the GlobalProtect Satellite reconnect to the GlobalProtect gateway, go to Network > IPSec Tunnels > GlobalProtect Satellite. Click on "Gateway Info" and check the gateway config and click "Reconnect to GW" as shown below:

img1-edit.png

 

From the CLI:

Use the following CLI command to make the GlobalProtect Satellite reconnect to the GlobalProtect gateway:

 

> test global-protect-satellite gateway-reconnect satellite GP-Satellite 
gateway-address 10.66.24.94 method activation
Please use "show global-protect-satellite current-gateway gateway 10.66.24.94 
satellite GP-Satellite" to check gateway info

> show global-protect-satellite current-gateway gateway 10.66.24.94 satellite
GP-Satellite 
GlobalProtect Satellite : GP-Satellite (1 gateways)
Gateway Info: 10.66.24.94
Get Config State:
Refresh Time (seconds)          : 7200
Failed Refresh Time (seconds)    : 300
Current Get Config              : success
Max Get Config Retries          : 34
Number Get Config Failed        : 0
Config Timer Activated          : yes
Next Get Config Time (seconds)  : 7162
Cached Get Config Time (seconds) : 0
Failed Reason                    :

Portal Config:
GlobalProtect Gateway Name      : Gateway-FW-94
GlobalProtect Gateway Address    : 10.66.24.94
Priority                        : 1

Gateway Config:
Gateway Tunnel Name              : GP-Gateway-S
Gateway Tunnel Interface        : tunnel.6
Gateway Tunnel id                : 9
Gateway Tunnel IP                : 7.7.7.1
Gateway Additional Tunnel IPs    :
Status                          : Active
Status Time                      : Jan.19 21:12:03
Reason                          : Tunnel monitoring up

Config Refresh Time (hours)      : 2
IP Address                      : 172.17.1.1
Default Gateway                  : 7.7.7.1
Netmask                          : 255.255.255.255
Access Routes                    : 192.168.94.0/24
Denied Routes                    :
Duplicate Routes                :
DNS Servers                      :
DNS Suffixes                    :
Tunnel Monitor Enabled          : Yes
Tunnel Monitor Interval          : 3 seconds
Tunnel Monitor Action            : wait-recover
Tunnel Monitor Threshold        : 5 attempts
Tunnel Monitor Source            : 172.17.1.1
Tunnel Monitor Destination      : 7.7.7.1
Tunnel Monitor Status            : Up

 

Note: Users can also manually trigger the GlobalProtect Satellite to disconnect or initially connect to the GlobalProtect gateway using the following CLI command:

> test global-protect-satellite gateway-
> gateway-connect      Trigger GlobalProtect satellite connects to gateways
> gateway-disconnect  Trigger GlobalProtect satellite disconnects from gateways
> gateway-reconnect    Trigger GlobalProtect satellite reconnects to gateways

 

Refresh the gateway config:

From the WebGUI: In order to make the GlobalProtect Satellite retrieve any config changes made to the GlobalProtect gateway, go to Network > IPSec Tunnels > GlobalProtect Satellite. Click on "Gateway Info" and check the gateway config and click "Refresh GW Config", as shown below:

img2-edit.png

 

From the CLI:

Use the following CLI command to refresh the gateway config:

> request global-protect-satellite get-gateway-config gateway-address 10.66.24.94 
satellite GP-Satellite

Please use command "show global-protect-satellite current-gateway gateway
10.66.24.94 satellite GP-Satellite" to display gateway connection status

 

Note: Usually GlobalProtect Satellites refresh the gateway configuration for the hour value configured in the GlobalProtect Gateway Satellite config as shown below. The default value is 1 hour and maximum value is 48 hours.

img5-edit.png

 

owner: gchandrasekaran



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsCCAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language