Global Protect tunnel is disconnects after closing RDP connection

Global Protect tunnel is disconnects after closing RDP connection

3988
Created On 05/18/23 13:03 PM - Last Modified 06/27/25 19:37 PM


Symptom


  • RDP is established to a remote PC/Desktop that has GlobalProtect (GP) enabled
  • The GP tunnel on the remote PC gets disconnected after closing the RDP session.

Environment


  • Any GlobalProtect Windows version
  • Any PAN-OS version
  • RDP to any available PC's IP address (including Global Protect virtual adapter, Ethernet interface... )

Cause


  • After initiating the RDP connection, the remote PC user account is locked automatically (expected behavior).
  • The new RDP Windows session is open and that connection becomes an Active session.
  • Global Protect tunnel renames from a remote PC user to an RDP user.
  • After Closing the RDP connection, the RDP Windows session is closed.
  • At this time, the remote PC user account is still locked.
  • There is no connectivity between PanGPS and PanGPA, so tunnel rename from RDP user to remote PC user cannot be successful.
  • Global Protect tunnel rename process fails, so the Global Protect tunnel is disconnected (expected behavior).
  • After unlocking the account, PanGPS and PanGPA are connected again, and the tunnel rename can be successfully finished.

Resolution


  1. Global Protect needs to have an active user session for the connection to persist.
  2. Set GP Portal App's setting "User Switch Tunnel Rename Timeout (sec)" to a value long enough time to allow remote PC users for
  • unlocking the account
  • successful authentication
  • Global Protect tunnel establishing.
image.png
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g1rJCAQ&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language