Palo Alto GlobalProtect VPN - What DoIT will need to troubleshoot client connectivity issues
If a user is having problems connecting to a Palo Alto VPN termination point using the GlobalProtect VPN client. DoIT will need the following information in order to figure out what is happening from both the client's point of view and the VPN appliance.
Things to gather from the VPN user are:
- The users full name, NetID and the time the problem was seen.
- What VPN are they connecting to. (ie: uwmadison.vpn.wisc.edu)
- IP address shown in https://www.google.com/search?q=what+is+my+IP
- We'll also need the output from "Collect Logs". This can be gathered using the following steps.
- Right-click on the GlobalProtect VPN Client icon in the
system tray
- Click "Collect Logs"
- Have the log sent to the ticket owner for review.
- What are you default log settings? (Please don't do the following before the above is complete, it erases the existing logs and starts over)
- Right-click on the GlobalProtect VPN Client icon in the system tray
- Click "Show Panel"
- Click the "Troubleshooting" tab
- Click "Logs" radio button
- What is the Debug Level set to on the right-side for both of the log types "PanGP Service" and "PanGP Agent"?
- Please send this to the ticket owner.
- (Not always needed) Open up the GlobalProtect folder on your machine, IE: C:\Program Files\Palo Alto Networks\GlobalProtect
- Send the following files to the ticket owner, if they exist:
- "PanGPS.log.old"
- "PanGPA.log.old"
- "PanGPUninstaller.log"
- "PanGpHip.log.old"