Symptoms:

  • Computers without the GlobalProtect VPN client cannot connect to the internet.


On RLA-DC01 and MRS-DC01 the agent is called User-ID Agent.


  1. Sign in to RLA-DC01 or MRS-DC01.

  2. Open the Palo Alto User-ID Agent. There should be at least one connected device.


  3. If there are no connected devices, or the logs show clients with an invalid certificate, check the certificate details.


  4. If the certificate is valid, try restarting the services for the User-ID Agent and the Credential Agent.


  5. If restarting the services doesn't work, navigate to the firewall.

  6. Open Device > Data Redistribution, disable both the RLA-DC01 and MRS-DC01 agents, and commit. Then enable both agents again and commit.


The connected devices list in the User-ID Agent should now show the firewall.
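
A scripted version of the checks in steps 3 and 4, added here as an example and not part of the original procedure: it reads the certificate the agent presents over TLS, reports its validity dates, and optionally restarts the agent services. The port `5007`, the `localhost` target and the `*User-ID*` display-name pattern are assumptions; adjust them to match what the agent and `services.msc` show on the DC.

```powershell
# Added example. Host, port and the service display-name pattern are assumptions.
param(
    [string]$AgentHost = 'localhost',       # run locally on RLA-DC01 or MRS-DC01
    [int]$AgentPort = 5007,                 # assumption: agent listens on its default port
    [string]$ServicePattern = '*User-ID*',  # assumption: matches both agent services
    [switch]$RestartIfValid                 # step 4: restart only when the dates are valid
)

function Get-AgentCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever is presented: the goal is to inspect the certificate, not trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

$cert = Get-AgentCertificate -HostName $AgentHost -Port $AgentPort
$now = Get-Date
# Date check only; chain and trust are still verified in the certificate details.
$datesValid = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    Thumbprint = $cert.Thumbprint
    NotBefore  = $cert.NotBefore
    NotAfter   = $cert.NotAfter
    DaysLeft   = [int]($cert.NotAfter - $now).TotalDays
    DatesValid = $datesValid
} | Format-List

if (-not $datesValid) {
    Write-Warning 'Certificate is expired or not yet valid. Replace it before restarting services.'
} elseif ($RestartIfValid) {
    # Restart every service whose display name matches the pattern and show the result.
    Get-Service -DisplayName $ServicePattern | Restart-Service -PassThru |
        Format-Table Name, DisplayName, Status
}
```

If the TLS handshake itself fails, the script stops with the exception message, which is worth recording alongside the agent logs before moving on to steps 5 and 6.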