Palo Alto Networks Knowledgebase: GlobalProtect Portal Error: 'Failed to retrieve info for gateway', 'tunnel to x.x.x.x is not created'


Created On 02/07/19 23:47 PM - Last Updated 02/07/19 23:47 PM


When configuring a GlobalProtect Portal, a tunnel interface needs to be used. Configuring a GlobalProtect Portal without a tunnel interface results in the following errors:

  • Failed to retrieve info for gateway x.x.x.x
  • Tunnel to x.x.x.x is not created


(T1484) 07/06/12 14:40:39:729 Info (9766): Gateway:, client IP:

(T1484) 07/06/12 14:40:39:729 Debug(3707): Set 0 sorted gateway Duration: 15ms

(T1484) 07/06/12 14:40:39:729 Debug(3710): disconnect ssl.

(T1484) 07/06/12 14:40:39:729 Debug(3713): Gateway's response time is 15 ms.

(T1484) 07/06/12 14:40:39:729 Debug(3717): returns 1.

(T1484) 07/06/12 14:40:39:729 Debug(4398): ProcessExternalGatewayThread: gateway has been processed. Duration is 0xF(15)

(T1484) 07/06/12 14:40:39:729 Debug(4400): ProcessExternalGatewayThread: Set measure end event for gateway

(T2424) 07/06/12 14:40:39:729 Debug(4190): Got hMesureEndEvent

(T2424) 07/06/12 14:40:39:729 Debug(4208): Outside the wait loop. bTunnelCreated is 0

(T2424) 07/06/12 14:40:39:729 Info (9298): CPanMSService::PickGatewayBaseOnWeight, PAN_NEW_GATEWAY_SELECTOR, chose prefered gateway index =0

(T2424) 07/06/12 14:40:39:729 Debug(4323): retrieve info of gateway

(T2424) 07/06/12 14:40:39:729 Debug(3401): CPanMSService::SetProxyForHost: fAutoDetect: 0 url: proxy: bypass: url: returned proxystr:

(T2424) 07/06/12 14:40:39:729 Debug(4505): CPanMSService::RetrieveGatewayInfo, cert is 00000000

(T2424) 07/06/12 14:40:39:729 Debug(4507): Pre-login...

(T2424) 07/06/12 14:40:39:729 Debug( 142): active session id is 3

(T2424) 07/06/12 14:40:39:729 Error( 208): OpenProcessToken failed 6

(T2424) 07/06/12 14:40:39:729 Debug(5072): PrepareRequest...

(T2424) 07/06/12 14:40:39:729 Debug(5080): WinHttpOpenRequest...

(T2424) 07/06/12 14:40:39:729 Debug( 392): CPanHTTPSession::PostRequest: WinHttpSendRequest...

(T2424) 07/06/12 14:40:39:823 Debug(4609): Failed to pre-login to the gateway

(T2424) 07/06/12 14:40:39:823 Error(4364): Failed to retrieve info for gateway

(T2424) 07/06/12 14:40:39:823 Debug(4374): tunnel to is not created.
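
To triage a client log for this failure, the following added example (not part of the original article or any Palo Alto Networks tooling) parses the entry format shown above and reports each thread where a failed pre-login is followed by the gateway-info error and the tunnel-not-created message. The function names, the `SAMPLE` lines and the address 192.0.2.10 are constructed for illustration.

```python
import re
from collections import defaultdict

# Entry format seen in the excerpt: "(T2424) 07/06/12 14:40:39:823 Error(4364): msg".
# Splitting on a lookahead also separates entries fused onto one physical line.
ENTRY_START = re.compile(r"(?=\(T\d+\) \d\d/\d\d/\d\d \d\d:\d\d:\d\d:\d{3} )")
ENTRY = re.compile(
    r"\(T(?P<tid>\d+)\) (?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d:\d{3}) "
    r"(?P<level>\w+)\s*\(\s*(?P<src>\d+)\):\s?(?P<msg>.*)", re.S)

# Ordered markers of the failure sequence described in the article.
CHAIN = tuple(re.compile(p) for p in (
    r"Failed to pre-login to the gateway",
    r"Failed to retrieve info for gateway",
    r"tunnel to .*is not created"))

# Constructed sample modeled on the excerpt; the second line is deliberately fused.
SAMPLE = """\
(T2424) 07/06/12 14:40:39:729 Debug(4507): Pre-login...
(T2424) 07/06/12 14:40:39:729 Error( 208): OpenProcessToken failed 6(T2424) 07/06/12 14:40:39:729 Debug(5072): PrepareRequest...
(T1484) 07/06/12 14:40:39:729 Debug(3710): disconnect ssl.
(T2424) 07/06/12 14:40:39:823 Debug(4609): Failed to pre-login to the gateway
(T2424) 07/06/12 14:40:39:823 Error(4364): Failed to retrieve info for gateway 192.0.2.10
(T2424) 07/06/12 14:40:39:823 Debug(4374): tunnel to 192.0.2.10 is not created.
"""

def parse(text):
    """Yield one dict per log entry (tid, ts, level, src, msg)."""
    for chunk in ENTRY_START.split(text):
        m = ENTRY.match(chunk.strip())
        if m:  # skips empty chunks and lines that are not log entries
            yield m.groupdict()

def find_tunnel_failures(text):
    """Return [(thread_id, first_ts, last_ts)] for each complete failure chain."""
    progress = defaultdict(list)  # thread id -> timestamps of matched steps
    hits = []
    for e in parse(text):
        steps = progress[e["tid"]]
        if CHAIN[len(steps)].search(e["msg"]):
            steps.append(e["ts"])
            if len(steps) == len(CHAIN):
                hits.append((e["tid"], steps[0], steps[-1]))
                steps.clear()
        elif "Pre-login..." in e["msg"]:
            steps.clear()  # a new attempt starts; drop any partial chain
    return hits

if __name__ == "__main__":
    for tid, start, end in find_tunnel_failures(SAMPLE):
        print(f"thread T{tid}: pre-login failed, tunnel not created ({start} -> {end})")
```

A hit on this sequence points back to the gateway configuration covered in the steps that follow.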


Configure a tunnel interface under Network > GlobalProtect > Gateways for access to the gateway.

  • Create a tunnel interface bound to a virtual router and assign it to a security zone. The default tunnel interface can also be used.
  • In the tunnel gateway address section, select the particular firewall egress interface address from the drop-down. The specific IP address on which the GlobalProtect portal web service is going to run is filled in automatically once the interface is selected.



  • The tunnel interface allows you to assign IP addresses to clients. You can also give the tunnel a separate zone in order to enforce a different security policy on GlobalProtect users than on inside LAN users. It also allows you to configure access routes that define the networks accessible by the client through the tunnel.
  • For mobile devices such as Apple's iOS, enable X-Auth to establish an IPSec tunnel to the gateway.

owner: bsyeda
