Hello there, within the last couple of weeks we have been getting a large number of Authentication Failed pages loading when Global Protect is looking to reconnect. Often this is seen after waking the laptop from Sleep and previous day.
The user can click the button to reconnect, or sometimes it just automatically connects. But the issue is becoming prevalent as tickets and grumbles are now being shared.
It looks like the following, sorry had to cut out the rest of the background as it shows corporate wallpaper etc
Copyright 2021. When was the last time the device was updated?
what backend auth are you doing? external or internal gateway-portal ?
We are having this same issue in our environment. Running latest version of Global Protect. Palos and Panorama running 10.2.6-h2
To add sorry, I don’t see any Failures for either Prelogon or User Auth for that time in the Global Protect logs in the Panorama console
Could be some weird network caching issue caused by computer policies etc…did you check GP troubleshooting logs?
Not the IP 6 issue is it? Still no fix for that AFAIK.
Hey Man, check the cookie config please.
We have the same issue lately, with Azure SAML Auth…
What does the logs say? That will help you know what could be wrong. Last time I experienced this was due to NTP.
What version of PAN-OS? Are you doing SAML? Check the GlobalProtect logs for the following error message: Username from SAML SSO response is different from the input… you could be hitting a known bug
External Portal and many Worldwide gateways.
Pre-logon enabled. Certificate and Cookie Auth used
(Apologies for lack of detail - I’m EUC focused but with an eye on global protect for our device provisioning. Have read only on Panorama and getting proficient in understanding GP
This is fixed in 10.2.8 PAN-219241
Do you have a TAC case to reference within our TAC case?
Are you getting it appearing more recently? Or has been quite consistent? We’ve on GP for approx 5 years and hadn’t seen this particular one until recently
I have, and usually been ok at spotting an issue. But just not finding anything jumping out on either client side or panorama logs.
We have TAC case, but even after a couple of days no analysis or an update
Do you have more detail to what you mean please?
Check the GlobalProtect logs for the following error message: Username from SAML SSO response is different from the input… you could be hitting a known issue.