Hello Everyone,
I recently installed GlobalProtect on a 2020 macbook air with mac Os 13.3. When i try to enable the connection i get the following error: “The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect.”
The GlobalProtect version is 5.2.13
I set “always trust” on the certificate options. What could the problem be?Thanks in advance for the help
UPDATE!!!
After a lot of tries i fixed the problem by manually installing the GP certificate (containing my public ip address) on the mac.
Still, the globalprotect app needs to install a second certificate on the pc but now the vpn works just fine.
Thanks everyone for the help.
Have a nice day!
Your best bet is to look in the logs. I would start by checking PanGPA log on the MacBook air. That should give you a better indication where the failure to connect is happening.
I’m reaching out to Palo Alto because last night I started having the same issue when I tried to use VPN on any device.
What did your company’s IT people say when you submitted a ticket?
Do you have policy in place for GP to connect?
After installation on more recent macOS versions, GlobalProtect needs to be allowed to run its kernel extension or so. Check the system settungs > Data Protection (or so). It’ll offer you to allow GlobalProtect. Only then yill GP be able to connect.
You have to try in order for the settings to offer you to allow it.
Are you using a certification with an expiration duration longer than 365 days? Our root CA that we use has a 10 year expiration that was breaking MacOS connectivity with Global Protect because they inherently do not trust certs with longer than a year duration.
Portal’s fqdn or ip you are connecting to is the same as the san name or common name present in certificate?
I found the same issue when using a self sign certificate, fixed it by installing that certificate on the macbook or iphone.
Hi! Can you please help me understand, Im having the same issue. Where did you get this certificate to manually install it? How did you do the installation process? I will really appreciate the instructions. Because I’m already desperate trying to solve the problem 
Seems like I can reach the firewall but after that, if I log in, I get forcefully disconnected. The next line in the logs is the error I get from the GP app.
I’m gonna be totally honest, i’m the company IT but i’m new to mac so i don’t know if there is something to set up on the pc to make GP works.
On Windows it works totally fine and none of my users had problems using GP.
I looked for some possible solution on the Palo Alto customer portal but none of them seems to be working.
The policy just routes the traffic once I’m in.
Shouldn’t need a policy to just connect to the gateway.
I enabled the extension in Settings → privacy but it doesn’t work.
yes, the certificate is valid for more than 365 days?
Could this be the problem?
You can manually download .pem certificate of GP gateway from GlobalProtect Portal then add your certificate to system keychain access also set to using always trust. it’s working for me.
Are you able to see the connection attempt in your firewall logs? It should be under Monitor > GlobalProtect.
Also, in your GP Gateway and Portal configs (on the fw), have you verified that you are not blocking specific OS or OS versions?
Ok, in that case you do want to export logs and have a good look at the “pangps.log” file. I think you can view it live with the built-in log viewer if you can find it.
