Details
When a GlobalProtect Satellite establishes a connection to a GlobalProtect gateway, users have the option to manually make the GlobalProtect Satellite refresh the GlobalProtect gateway config or reconnect to the GlobalProtect gateway.
Reconnect to gateway:
From the WebGUI: In order to make the GlobalProtect Satellite reconnect to the GlobalProtect gateway, go to Network > IPSec Tunnels > GlobalProtect Satellite. Click on "Gateway Info" and check the gateway config and click "Reconnect to GW" as shown below:
From the CLI:
Use the following CLI command to make the GlobalProtect Satellite reconnect to the GlobalProtect gateway:
> test global-protect-satellite gateway-reconnect satellite GP-Satellite
gateway-address 10.66.24.94 method activation
Please use "show global-protect-satellite current-gateway gateway 10.66.24.94
satellite GP-Satellite" to check gateway info
> show global-protect-satellite current-gateway gateway 10.66.24.94 satellite
GP-Satellite GlobalProtect Satellite : GP-Satellite (1 gateways)
Gateway Info: 10.66.24.94
Get Config State:
Refresh Time (seconds) : 7200
Failed Refresh Time (seconds) : 300
Current Get Config : success
Max Get Config Retries : 34
Number Get Config Failed : 0
Config Timer Activated : yes
Next Get Config Time (seconds) : 7162
Cached Get Config Time (seconds) : 0
Failed Reason :
Portal Config:
GlobalProtect Gateway Name : Gateway-FW-94
GlobalProtect Gateway Address : 10.66.24.94
Priority : 1
Gateway Config:
Gateway Tunnel Name : GP-Gateway-S
Gateway Tunnel Interface : tunnel.6
Gateway Tunnel id : 9
Gateway Tunnel IP : 7.7.7.1
Gateway Additional Tunnel IPs :
Status : Active
Status Time : Jan.19 21:12:03
Reason : Tunnel monitoring up
Config Refresh Time (hours) : 2
IP Address : 172.17.1.1
Default Gateway : 7.7.7.1
Netmask : 255.255.255.255
Access Routes : 192.168.94.0/24
Denied Routes :
Duplicate Routes :
DNS Servers :
DNS Suffixes :
Tunnel Monitor Enabled : Yes
Tunnel Monitor Interval : 3 seconds
Tunnel Monitor Action : wait-recover
Tunnel Monitor Threshold : 5 attempts
Tunnel Monitor Source : 172.17.1.1
Tunnel Monitor Destination : 7.7.7.1
Tunnel Monitor Status : Up
Note: Users can also manually trigger the GlobalProtect Satellite to disconnect or initially connect to the GlobalProtect gateway using the following CLI command:
> test global-protect-satellite gateway-
> gateway-connect Trigger GlobalProtect satellite connects to gateways
> gateway-disconnect Trigger GlobalProtect satellite disconnects from gateways
> gateway-reconnect Trigger GlobalProtect satellite reconnects to gateways
Refresh the gateway config:
From the WebGUI: In order to make the GlobalProtect Satellite retrieve any config changes made to the GlobalProtect gateway, go to Network > IPSec Tunnels > GlobalProtect Satellite. Click on "Gateway Info" and check the gateway config and click "Refresh GW Config", as shown below:
From the CLI:
Use the following CLI command to refresh the gateway config:
> request global-protect-satellite get-gateway-config gateway-address 10.66.24.94
satellite GP-Satellite
Please use command "show global-protect-satellite current-gateway gateway
10.66.24.94 satellite GP-Satellite" to display gateway connection status
Note: Usually GlobalProtect Satellites refresh the gateway configuration for the hour value configured in the GlobalProtect Gateway Satellite config as shown below. The default value is 1 hour and maximum value is 48 hours.
owner: gchandrasekaran