Global Protect VPN client fails to validate certificate and connect when SEP Web and cloud access protection (PAC) is enabled
search cancel

Global Protect VPN client fails to validate certificate and connect when SEP Web and cloud access protection (PAC) is enabled

book

Article ID: 258381

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Administrator wants to run the Global Protect VPN based on the best practices from a VDI environment.

Configuration and deployment of the pac file were both verified against best practices.

Environment

Cloud SWG

SEP RU 14.3 

Web and Cloud Access protection component

Cause

The communication of certificate validation from the Global Protect VPN client goes over the IPv6 loopback adapter and fail.

Resolution

The resolution is to set the IPv4 priority over the IPv6 under the workstation.

Prefer IPv4 over IPv6:

The IPv6 functionality can be configured by modifying the following registry key:

    1. Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
    2. Name: DisabledComponents
    3. Type: REG_DWORD
    4. Min Value: 0x00 (default value)
    5. Max Value: 0xFF (IPv6 disabled)

Additional Information

Microsoft Reference: Configure IPv6 for advanced users - Windows Server | Microsoft Learn

Powered by Wolken Software