Applications page doesn't load from clientless vpn portal, page stays on loading loop and shows ERR_EMPTY_RESPONSE

Applications page doesn't load from clientless vpn portal, page stays on loading loop and shows ERR_EMPTY_RESPONSE

6933
Created On 12/14/23 21:26 PM - Last Modified 01/28/25 22:34 PM


Symptom


  • Trying to access application through clientless VPN Portal
  • Application stays on the loading loop and shows ERR_EMPTY_RESPONSE
          screenshots for err empty message


    Environment


    • Palo Alto Firewalls
    • Pan-OS below 11.1.0, 11.0.2, 10.2.5, 10.1.11, 9.1.17
    • GlobalProtect clientless VPN Portal

    Cause


    • SSLProxy traffic is dropped when the zone protection profile is enabled either on clientless VPN portal zone of clientless VPN zone. 
    • SSLProxy traffic is dropped when the zone protection profile is enabled for the zone  where clientless VPN portal is hosted  and also under the clientless VPN zone 
    • Check if  the 'strict ip address check' under Zone Protection Profile > Packet based Attack protection is enabled 
           screenshot for strict ip enabled     
     

    Resolution


    1. The issue is addressed under "PAN-210883" under 10.2.510.1.11 and  9.1.17 versions
    2. Upgrade of the the firewall to the fixed releases will address the issue.
    3. As a workaround, uncheck the "Strict IP Address Check" option under GUI: network > network-profiles >zone-protection > packet base attack protection > Strict IP Address Check
             screenshots for unchecked strict ip address check


     
    Other users also viewed:
    Actions
    • Print
    • Copy Link

      https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000XhJeCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail