Manual Global Protect gateway selection fails to connect

Manual Global Protect gateway selection fails to connect

2438
Created On 11/14/22 18:46 PM - Last Modified 08/04/23 21:13 PM


Symptom


  • Gateway auto-selection works fine.
  • When the same gateway is manually selected from the GP client, it does not connect
  • No error message is displayed.

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • Global protect Manual gateway selection

Cause


  • The leading space in the configured gateway name.
  • This can be confirmed by the logs in PanGPS.log.
  • Notice the error below during the "Manual Gateway processing starts" phase
(P3176-T4412)Debug(4279): 11/11/22 16:28:18:800 ----Manual Gateway processing starts----
(P3176-T4412)Debug(4292): 11/11/22 16:28:18:800 user-profile-type tag exists with value 0
(P3176-T4412)Debug(4309): 11/11/22 16:28:18:800 ProcessManualSetGateway Second_External_Gateway
(P3176-T4412)Debug( 750): 11/11/22 16:28:18:800 SetNextScheduledHipCheckTime to 0
(P3176-T4412)Debug( 772): 11/11/22 16:28:18:800 m_bScheduleFlag is set to 0
(P3176-T4412)Debug(4316): 11/11/22 16:28:18:800 Reset just resumed
(P3176-T4412)Debug(1492): 11/11/22 16:28:18:800 GetExternalGatewayItemByIP: gatewayIP is Second_External_Gateway
(P3176-T4412)Debug(1502): 11/11/22 16:28:18:800 pGatewayItem->GetGatewayStr() is vpn1-xyz.com
(P3176-T4412)Debug(1527): 11/11/22 16:28:18:800 pGatewayItem->GetRemoteHostStrV6() is 
(P3176-T4412)Debug(1502): 11/11/22 16:28:18:800 pGatewayItem->GetGatewayStr() is vpn2-xyz.com
(P3176-T4412)Debug(1527): 11/11/22 16:28:18:800 pGatewayItem->GetRemoteHostStrV6() is 
(P3176-T4412)Debug(1544): 11/11/22 16:28:18:800 pGatewayItem->GetDescription() is First_External_Gateway
(P3176-T4412)Debug(1544): 11/11/22 16:28:18:800 pGatewayItem->GetDescription() is  Second_External_Gateway <<< There is a leading space in the gateway name
(P3176-T4412)Debug(1551): 11/11/22 16:28:18:800 GetExternalGatewayItemByIP does not find Second_External_Gateway
(P3176-T4412)Error(4324): 11/11/22 16:28:18:800 Cannot retrieve gateway ip while processing manual set gateway <<< Gateway Manual selection failure
(P3176-T4412)Info ( 531): 11/11/22 16:28:18:800 msgtype = manual-gateway

Resolution


  1. Edit the portal configuration and remove the leading space in the external gateway name.
  2. Click on OK and Commit the changes.
GUI: Network > GlobalProtect > Portals > (portal name) > External > (Click, and remove the space the portal name) 
GP.JPG
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sZt9CAE&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail