<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: GlobalProtect - Multiple Client Settings in General Topics</title>
    <link>https://live.paloaltonetworks.com/t5/general-topics/globalprotect-multiple-client-settings/m-p/1232669#M124666</link>
    <description>&lt;P data-start="56" data-end="66"&gt;Hi PT1559,&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;P data-start="68" data-end="131"&gt;Did you find a solution? I'm experiencing the exact same issue.&lt;BR /&gt;&lt;BR /&gt;Thank you.&lt;/P&gt;</description>
    <pubDate>Thu, 26 Jun 2025 14:15:48 GMT</pubDate>
    <dc:creator>RowanJ</dc:creator>
    <dc:date>2025-06-26T14:15:48Z</dc:date>
    <item>
      <title>GlobalProtect - Multiple Client Settings</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/globalprotect-multiple-client-settings/m-p/572653#M115219</link>
      <description>&lt;P&gt;Following a change to move from LDAP (Local Domain Controllers) to Azure SAML with MFA enabled we are experiencing an issue with the use of multiple Client Settings Configs on a single Gateway.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;We use the users section to identify a subset of users that only require RFC1918 IP ranges to traverse the VPN and all remaining users will hit the secondary config for all traffic to traverse the VPN.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Previously we would identify the users on the first config with the the following format - DOMAIN\USER.NAME&lt;/P&gt;
&lt;P&gt;However since the change I believe users will be identified by the email address format - &lt;A href="mailto:USER.NAME@DOMAIN.COM" target="_blank"&gt;USER.NAME@DOMAIN.COM&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I have changed this section to specify the email address format, however this is still not working and all users are hitting the secondary Config instead.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I have restarted the Management Server and rebooted the device.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I have also deleted the old LDAP configuration.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Please advise if you have run into this issue before and if you were able to find a resolution.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thank you&lt;/P&gt;</description>
      <pubDate>Thu, 11 Jan 2024 05:23:30 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/globalprotect-multiple-client-settings/m-p/572653#M115219</guid>
      <dc:creator>PT1559</dc:creator>
      <dc:date>2024-01-11T05:23:30Z</dc:date>
    </item>
    <item>
      <title>Re: GlobalProtect - Multiple Client Settings</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/globalprotect-multiple-client-settings/m-p/572718#M115226</link>
      <description>&lt;P&gt;Are you matching individual users or are you matching groups in your config? If you look in your firewall logs what is the user-id information coming across as? With Azure SAML would recommend setting up Palos Cloud Identity Engine&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-new-features/identity-features/cloud-identity-engine" target="_blank"&gt;Cloud Identity Engine (paloaltonetworks.com)&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://docs.paloaltonetworks.com/cloud-identity/cloud-identity-engine-getting-started/authenticate-users-with-the-cloud-identity-engine/configure-the-cloud-identity-engine-as-a-mapping-source-on-the-firewall" target="_blank"&gt;Configure the Cloud Identity Engine as a Mapping Source on the Firewall (paloaltonetworks.com)&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 11 Jan 2024 14:11:37 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/globalprotect-multiple-client-settings/m-p/572718#M115226</guid>
      <dc:creator>Claw4609</dc:creator>
      <dc:date>2024-01-11T14:11:37Z</dc:date>
    </item>
    <item>
      <title>Re: GlobalProtect - Multiple Client Settings</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/globalprotect-multiple-client-settings/m-p/572791#M115240</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;This is done by individual username.&lt;/P&gt;
&lt;P&gt;In the GlobalProtect logs the authentication is logged with the email address, however when the email address is specified on the configuration, this is still ignored and the secondary "ANY" configuration is used.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In Traffic logs, any traffic passing through the firewall via GlobalProtect the User-id showing in logs would be domain\user.name.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thank you.&lt;/P&gt;</description>
      <pubDate>Thu, 11 Jan 2024 23:30:50 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/globalprotect-multiple-client-settings/m-p/572791#M115240</guid>
      <dc:creator>PT1559</dc:creator>
      <dc:date>2024-01-11T23:30:50Z</dc:date>
    </item>
    <item>
      <title>Re: GlobalProtect - Multiple Client Settings</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/globalprotect-multiple-client-settings/m-p/1232669#M124666</link>
      <description>&lt;P data-start="56" data-end="66"&gt;Hi PT1559,&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;P data-start="68" data-end="131"&gt;Did you find a solution? I'm experiencing the exact same issue.&lt;BR /&gt;&lt;BR /&gt;Thank you.&lt;/P&gt;</description>
      <pubDate>Thu, 26 Jun 2025 14:15:48 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/globalprotect-multiple-client-settings/m-p/1232669#M124666</guid>
      <dc:creator>RowanJ</dc:creator>
      <dc:date>2025-06-26T14:15:48Z</dc:date>
    </item>
  </channel>
</rss>

