Global Protect Windows 10

Reply
Highlighted
L4 Transporter

Global Protect Windows 10

Hey experts!

I have a new Windows 10 notebook and Global Protect Client 2.3.4-4 installed.

However, the connect button is greyed out.

I read on the Palo Alto site that the recommended minimum agent version is 3.0.3.

So is the problem my 2.3.4 version? Doesn't it work with Windows 10?

Tags (1)
L3 Networker

Re: Global Protect Windows 10

Well MPI, 

 

I would hazzard a guess to say the connect button is disabled from the firewall side.. What version of PAN-OS is running on the firewall and what agent settings have you configured there ?

 

windows 10 connects perfect with global protect .. tried n tested.. 

 

Regards 

 

Robert D 

L4 Transporter

Re: Global Protect Windows 10

Hi,

which global protect version do you use with Windows 10?

 

PAN-OS is 7.0.7

I have configured pre-logon (Always On)

 

PS: So I don't know what's the problem but on Windows 7 the Global Protect client works.

 

So I think I should first test the 3.0.3 client on my Windows 10.

 

Is there a possibility to download the global protect client 3.0.3 standalone?

 

Because if I download it on the firewall and activate it, all clients will update to this version.

 

And I fear that some clients will not work then.

 

What do you think?

 

(If I have to activate it globally, what's the latest preferred version?)

L1 Bithead

Re: Global Protect Windows 10

Check if the users passwords are expired via your LDAP or authentication server. 

 

I'm pretty positive that when a users password expired, currently, although there is a feature request open - you are unable to change your password via the pre-logon GP feature on Windows 10. 

 

A current workaround is to log in via normal AD, change PW, log back out and log in via GP pre-logon.

 

Hope this makes sense - remember if the passwords are not expired then this isn't your issue 

L4 Transporter

Re: Global Protect Windows 10

Hi MTizani,

 

not sure if I understand it.

 

There are no local vpn users on the firewall, only LDAP users (Active Directory).

 

When I do my Windows login on my notebook with my user account, that works.

 

So I think my password isn't expired.

 

Did you mean that?

 

 

mmmh...don't you think it's the problem because of the 2.3.4 version?

 

Should I activate the 3.0.3 version on the firewall?

 

Or can you recommend a newer GP version?

L4 Transporter

Re: Global Protect Windows 10

Update from me: It was a problem with SSO, so the button was greyed out!

 

 

But by the way: Does anyone of you use GP Version 3.0.3 or above?

 

Do one of these versions (3.0.3 or above) work correctly with Windows 7 - 10 and MAC OS X 10.9 - 10.11?

 

 

L3 Networker

Re: Global Protect Windows 10

Hi There, 

 

Tested 3.1.5 and 4.0.0 GP on windows ten and macbook {latest as at todays date}. Connect ok - ipsec and ssl. To PAN-OS 7.1.5 and the new 8.0.0. Xauth has issues if using loopbacks, recommendations is to use the gateway on non loopback interface. 

 

If using iphones or android phones am seeing some issues on 3.1.5 and 4.0.0 gp currently. Being researched atm.. 

 

Kind regards

 

Robert d 

L3 Networker

Re: Global Protect Windows 10

MPI-AE, we are using GP 3.1.3 and 3.1.5 on iOS phones, Windows 7 Ent, and Windows 8 Ent.

With no other 3rd party credential providers installed SSO works on the Windows machines without a problem.  The OS detection, user/group mapping, and HIP checks are all working correctly as well.

 

Unfortunately we are having problems with SSO with our drive encryption and other credential provider components.  As of yet we have not found a solution for that.

 

Brian

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!