GlobalProtect Agent download fails with error "This site can't be reached"

GlobalProtect Agent download fails with error "This site can't be reached"

Created On 10/15/19 04:01 AM - Last Modified 03/19/20 23:17 PM

  • Endpoint clients connect to Global Protect Portal and they are presented with GP agent download options.
  • Once the desired agent is selected to be downloaded, it fails with error: This site can't be reached.

  • PAN OS: 7.1.x and above.
  • Windows and Mac clients as GlobalProtect (GP) Endpoints.
  • Firewall configured with redirect GlobalProtect Host Agent Download to another website.

Misconfiguration of redirect location in the Firewall to a wrong URL causes this issue.


  1. Verify the configured redirect URL location on the firewall using set global-protect redirect show command.

> set global-protect redirect show True                                           
=> wrongly configured URL.

  1. Correct the URL location to the site which hosts the GP agent software using command set global-protect redirect location <corrected URL>. Replace the URL below with the correct URL location configured for your site.

> set global-protect redirect location
=> corrected URL location.

  1. Disable the global-protect redirect by the CLI command set global-protect redirect off. This will set the Host Agent Download back to default settings where the Agent is downloaded from the Global Protect Portal.
> set global-protect redirect off
> set global-protect redirect show False                                           

These commands take into effect immediately and will survive a reboot of the firewall. Commit operation is not required.


Additional Information
  • Screenshot of Global Protect Agent download Page
  • Screenshot of the error message once the software download is selected. 
site error

  • Print
  • Copy Link