GlobalProtect connection is unreachable or the gateway is unresponsive after PANOS upgrade to 10.2.2

GlobalProtect connection is unreachable or the gateway is unresponsive after PANOS upgrade to 10.2.2

117824
Created On 12/09/22 21:36 PM - Last Modified 01/10/24 06:04 AM


Symptom


  • After upgrade of the Firewall to PANOS version 10.2.2, Global Protect clients intermittently having connectivity issues connecting.
  • Error messages seen in PANGPS.log
  • The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.
  • Further messsages in PANGPS.log indicate auth-failed due to invalid cookie:
09:18:31:063 global protect private header is: auth-failed-invalid-cookie 
09:18:31:063 send alive message now 1
09:18:31:063 winhttpObj, error! ipaddress xyz.yzs.abc
bRetryWithoutCert is 0, bClientCertNeeded=0
09:18:31:063 return string STATUS_ERROR=auth-failed-invalid-cookie 
09:18:31:063 Send command to Pan Service

 

Environment


  • Palo Alto Firewall
  • PANOS version: 10.2.2
  • GlobalProtect App version: 6.0.1
  • Authentication cookie enabled on the Gateway 

Cause


Invalid cookie was not handled properly and auth failure was not returned to GlobalProtect client.

Resolution


  1. This issue is addressed in PAN-194262 in PAN-OS 10.2.3
  2. Upgrade to PANOS version 10.2.3 to resolve the issue

Workaround:
  • Delete Authentication cookies from the GlobalProtect client.
Example: On Windows with file path: C:\Users\%USERNAME%\AppData\Local\Palo Alto Networks\GlobalProtect,  Delete the file starting with PUAC
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kFZ9CAM&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language