Log Collection for macOS Split Tunneling Issues

Log Collection for macOS Split Tunneling Issues

2180
Created On 06/29/21 22:26 PM - Last Modified 01/11/22 00:59 AM


Objective
This article is designed to collect right data for macOS split tunneling issues

Environment
  • PAN-OS 8.1 and above
  • GlobalProtect App 5.1.8 and above
  • macOS clients


Procedure

For include/exclude applications, please be aware that you must have all those applications installed before GP login. Otherwise, you would need to reconnect to GP after you install those applications. So, please double check that all application paths configured in include/exclude application list exist on the client device before GP login.

Please follow below steps to collect the information from client side only:

  1. In the macOS Terminal, run below command to capture packets 
    sudo tcpdump -i all -k INP -w gptest.pcapng
  2. Change GP logging level to Dump (Settings -> Troubleshooting -> Logging Level)
  3. If the issue may involve the GP login process, please disconnect or disable first and reconnect to GP
  4. Start to reproduce the issue
  5. Once the issue is reproduced, stop the packet capture and collect the GP logs (Settings -> Troubleshooting -> Collect Logs)
  6. Change GP logging level back to Debug
  7. Collect gptest.pcapng (which would be saved under /Users/<username> path) and GP logs
  8. Please run below commands to check if any third party applications use system extensions or kernel extensions:
    1. Following command checks if any third party application uses system extensions 
      systemextensionsctl list
    2. Check System Preferences -> Network to see if the application's network extension is loaded or not. Please take a screenshot for reference
    3. Following command shows all third party kernel extensions 
      kextstat -l | grep -v apple


Kindly note the time of the issue, domain name and the process involved accessing the domain. For example, 14:05:00 PST, using Chrome to access www.yahoo.com, it shows unreachable. 



Additional Information
Log Collection for Split Tunneling Issues on Windows Clients

Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oMFwCAM&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language