GlobalProtect Agent download fails with error "This site can't be reached"
- Endpoint clients connect to Global Protect Portal and they are presented with GP agent download options.
- Once the desired agent is selected to be downloaded, it fails with error: This site can't be reached.
- PAN OS: 7.1.x and above.
- Windows and Mac clients as GlobalProtect (GP) Endpoints.
- Firewall configured with redirect GlobalProtect Host Agent Download to another website.
Misconfiguration of redirect location in the Firewall to a wrong URL causes this issue.
- Verify the configured redirect URL location on the firewall using set global-protect redirect show command.
> set global-protect redirect show
cfg.global-protect.redirect.location: https://gp.paloalto.com => wrongly configured URL.
- Correct the URL location to the site which hosts the GP agent software using command set global-protect redirect location <corrected URL>. Replace the URL below with the correct URL location configured for your site.
> set global-protect redirect location https://redir.gp.paloalto.com
cfg.global-protect.redirect.location: https://redir.gp.paloalto.com => corrected URL location.
- Disable the global-protect redirect by the CLI command set global-protect redirect off. This will set the Host Agent Download back to default settings where the Agent is downloaded from the Global Protect Portal.
> set global-protect redirect off > set global-protect redirect show cfg.global-protect.redirect.flag: False cfg.global-protect.redirect.location: https://redir.gp.paloalto.com
These commands take into effect immediately and will survive a reboot of the firewall. Commit operation is not required.
- Screenshot of Global Protect Agent download Page
- Screenshot of the error message once the software download is selected.