No internet connection upon GlobalProtect disconnect
Created On 01/28/21 21:34 PM - Last Modified 09/30/21 02:20 AM
Symptom
Every time GlobalProtect is disconnected, the endpoint loses internet access.
An exclude route for 0.0.0.0/0 is configured on the gateway, as shown below:
<exclude-access-routes>
<member>0.0.0.0/0</member> <<<<<<<<<<<<<<<<<<<<<<<<<<<
<member>10.191.144.0/21</member>
<member>10.192.18.127/32</member>
</exclude-access-routes>
The following entry in the GlobalProtect App logs:
P1765-T19459 Oct 07 15:10:27:647553 Dump ( 59): try root_lock
P1765-T19459 Oct 07 15:10:27:647557 Dump ( 64): root_lock uid:0, euid:0
P1765-T41059 Oct 07 15:10:27:653314 Dump (1397): Route change message RTM_DELETE: Delete Route 0.0.0.0 >>>>>>>>>>>>>>>>>>> default route deleted
Environment
- Palo Alto Firewall.
- PAN-OS 8.1 and above.
- Existing GlobalProtect infrastructure.
- Gateway configured with split-tunnel.
Cause
- The route for 0.0.0.0/0 is deleted when the GlobalProtect client disconnects.
- By default, when the client disconnects from the GlobalProtect VPN, the App deletes all routes it initially set upon connecting.
Resolution
- Remove the 0.0.0.0/0 entry from the exclude access route configuration in the gateway's split-tunnel settings.
- As a workaround, you can also disconnect from and reconnect to the Wi-Fi router to restore Internet connectivity.