Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Global Protect Authentication Timing Out Before Configured Radi... - Knowledge Base - Palo Alto Networks

Global Protect Authentication Timing Out Before Configured Radius Server Timeout

47497
Created On 06/24/19 21:57 PM - Last Modified 06/02/20 01:42 AM


Symptom


  • Global Protect Portal/Gateway Authentication Profile is using RADIUS
  • RADIUS Server is using MFA. 
  • RADIUS Server timeout is set to 40 seconds with 2 retries (effective timeout of 120 Seconds)
  • Global Protect User Connects and doesn't complete the authentication process quickly. 
  • Authentication timeout occurs at 30 seconds. 

Environment


  • Global Protect
  • RADIUS Servers

Cause


  • global-protect timeout defaults to 30 seconds.
  • If global-protect timeout lower than RADIUS server profile timeout/retries, the lower value will be used to timeout the authentication. 
  • The timeout value is the timeout between Global Protect Client and firewall's Global Protect Portal/Gateway web-server. 

Resolution


  • Increase the global-protect-timeout value to be greater than the desired RADIUS authentication timeout. 
>configure
# set deviceconfig setting global-protect timeout 120
#commit

Additional Information


How To Modify The Tunnel Keepalive For GlobalProtect Clients
 
Other users also viewed:
How to download GlobalProtect from the Customer Support Portal
Download and Install the GlobalProtect App for Windows
Resource List: GlobalProtect Configuring and Troubleshooting
PAN-OS Software Updates
Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)
Results 1-5 of 238,862
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMD5CAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language