

Use dataplane debugs or captures combined with global counters to check the same. Use filter ip.addr= or ip.addr= as appropriate.
6) If the SYN packet is going out and no ACK is received, move to the firewall and see if the sessions are getting formed, and if packets are getting dropped. Below are some examples:
5) If the browser page above is not loading properly, check with Wireshark to see if the TCP handshake is complete or not. If there are certificate issues, browser errors can help isolate those. The web browser easily helps us check the certificate coming from the portal/gateway.
Where Can I Download and Install the GlobalProtect App?
1) Verify that the configuration has been done correctly as per documents suiting your scenario.
2) On the client, make sure the GlobalProtect client is installed, if this is not the first time you are connecting to GlobalProtect.
3) Use nslookup on the client to make sure the client can resolve the FQDNs for the portal/gateway.
4) Open a web browser and enter the URL : and/or This will make sure that the SSL communication between the client and the portal/gateway is working fine. To verify the handling of initial SSL request from Client on the dataplane, after which the communication is sent to the sslvpn daemon on the management plane (MP).
For authentication issues related to GlobalProtect login.
For client login/logout events and other backend logic.
3) CLI commands: Useful GlobalProtect CLI Commands.
4) Traffic logs: To verify connections coming from the client for the portal/gateway and for checking details of sessions from a connected GlobalProtect client to resources.
First make sure of the Compatibility matrix: Can be used to track communication with other daemons. Main log file for all SSL VPN related activities. (For transactions between the firewall and the LDAP server (authentication))
2) Debug Logs: Might need to enable debug for more detailed information:
Management Port Captures : How To Packet Capture (tcpdump) On Management Interface But not very helpful with SSL offload enabled since packets might be missing.)

Useful to see if the firewall is dropping any packets on the dataplane. ( For transactions between the client and the portal/gateway. Tools used for troubleshooting on the firewall
Dataplane Captures: How to Run a Packet Capture.
To check detailed debug logs from the GlobalProtect client
To download the GlobalProtect client and to confirm successful SSL connection between the client and the portal/gateway
To capture transaction between the GlobalProtect client and the portal/gateway
To install and verify the installed client/root CA certificates
To verify the GlobalProtect adapter settings and routes installed by the GlobalProtect client
Ipconfig/ Ifconfig/ Netstat -nr / Route print
To make sure that the FQDNs for the portal/gateway are getting resolved
To verify reachability to the portal/gateway
Tools and utilities for troubleshooting on the client machine
Refer to the GlobalProtect resource guide. The article assumes you are aware of the basics of GlobalProtect and its configuration. This article lists some of the common issues and methods for troubleshooting GlobalProtect.
– GlobalProtect agent connected but unable to access resources
– GlobalProtect unable to connect to portal or gateway
Issues related to GlobalProtect can fall broadly into the following categories:
