GlobalProtect App download fails with the error "This site can't be reached"

GlobalProtect App download fails with the error "This site can't be reached"

30222
Created On 10/15/19 04:01 AM - Last Modified 03/13/26 16:21 PM


Symptom


  • Endpoint clients connect to GlobalProtect Portal and they are presented with GP app download options.

Portal Page

  • Once the desired app is selected, it fails with error: This site can't be reached.

Site can't be reached 

Environment

Cause


Misconfiguration of redirect location in the firewall to a wrong URL causes this issue.

Resolution


  1. Update the redirect URL location using following steps:
    • Check the configured redirect URL location on the firewall using following command ->

> set global-protect redirect show

cfg.global-protect.redirect.flag: True                                                    
cfg.global-protect.redirect.location: https://gp.paloalto.com  => wrongly configured URL

    • Replace the URL to the correct location which hosts the GP app software using following command ->

> set global-protect redirect location https://redir.gp.paloalto.com

cfg.global-protect.redirect.location: https://redir.gp.paloalto.com => corrected URL location

 

  1. Disable GlobalProtect redirect using following CLI command. This will set the Host App Download back to default settings where the App is downloaded from the GlobalProtect Portal.
> set global-protect redirect off
> set global-protect redirect show

cfg.global-protect.redirect.flag: False                                                    
cfg.global-protect.redirect.location: https://redir.gp.paloalto.com

NOTE: These commands take into effect immediately and will survive a reboot of the firewall. Commit operation is not required.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PN0WCAW&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail