GlobalProtect Portal connectivity fails error - "[Error]: No Network Connectivity. Please verify your network connection and try again."

• User is unable to connect to the GlobalProtect Portal using the GlobalProtect App.
• This may happen to a Prisma Access Mobile User as well.
• PanGPS logs indicate connectivity issue to the Portal

09:05:04:888 Failed to get portal config from portal <portal_fqdn>.
09:05:04:889 [Error]: No Network Connectivity. Please verify your network connection and try again.
09:05:04:889 [Error]: The network connection is unreachable or the portal is unresponsive. Check the network connection and reconnect.

• The same user is able to access the portal fqdn using a web browser, indicating no connectivity issues

> https://<portal_fqdn>/prelogin.esp
> https://<portal_fqdn>/getconfig.esp

• Packet captures between the user PC and Portal indicate the Portal sends an "ALERT - Handshake Failure (40)" to the user after receiving a Client Hello.
• This indicates that the Client and the Server did not agree on a supported Cipher from the list advertised in the Client Hello.

• Palo Alto Networks GlobalProtect Portal
• Prisma Access Mobile User
• GlobalProtect App any version

• This issue may be caused by the user PC not sending the supported ciphers in the Client Hello.
• This can be confirmed by performing a packet capture to look at the SSL handshake Client Hello, which has the list of ciphers advertised to the Portal.

1. Check for the configured cipher suites present in the following registry location.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

2. Edit the Functions key, and confirm if it contains one of the Supported cipher suites. 
3. If the registry does not have the supported cipher suites, Change to one of the supported ones.