Global Protect Windows 10

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L4 Transporter

Global Protect Windows 10

Hey experts!

I have a new Windows 10 notebook and Global Protect Client 2.3.4-4 installed.

However, the connect button is greyed out.

I read on the Palo Alto site that the recommended minimum agent version is 3.0.3.

So is the problem my 2.3.4 version? Doesn't it work with Windows 10?

Tags (1)
Highlighted
L3 Networker

Well MPI, 

 

I would hazzard a guess to say the connect button is disabled from the firewall side.. What version of PAN-OS is running on the firewall and what agent settings have you configured there ?

 

windows 10 connects perfect with global protect .. tried n tested.. 

 

Regards 

 

Robert D 

Highlighted
L4 Transporter

Hi,

which global protect version do you use with Windows 10?

 

PAN-OS is 7.0.7

I have configured pre-logon (Always On)

 

PS: So I don't know what's the problem but on Windows 7 the Global Protect client works.

 

So I think I should first test the 3.0.3 client on my Windows 10.

 

Is there a possibility to download the global protect client 3.0.3 standalone?

 

Because if I download it on the firewall and activate it, all clients will update to this version.

 

And I fear that some clients will not work then.

 

What do you think?

 

(If I have to activate it globally, what's the latest preferred version?)

Highlighted
L1 Bithead

Check if the users passwords are expired via your LDAP or authentication server. 

 

I'm pretty positive that when a users password expired, currently, although there is a feature request open - you are unable to change your password via the pre-logon GP feature on Windows 10. 

 

A current workaround is to log in via normal AD, change PW, log back out and log in via GP pre-logon.

 

Hope this makes sense - remember if the passwords are not expired then this isn't your issue 

Highlighted
L4 Transporter

Hi MTizani,

 

not sure if I understand it.

 

There are no local vpn users on the firewall, only LDAP users (Active Directory).

 

When I do my Windows login on my notebook with my user account, that works.

 

So I think my password isn't expired.

 

Did you mean that?

 

 

mmmh...don't you think it's the problem because of the 2.3.4 version?

 

Should I activate the 3.0.3 version on the firewall?

 

Or can you recommend a newer GP version?

Highlighted
L4 Transporter

Update from me: It was a problem with SSO, so the button was greyed out!

 

 

But by the way: Does anyone of you use GP Version 3.0.3 or above?

 

Do one of these versions (3.0.3 or above) work correctly with Windows 7 - 10 and MAC OS X 10.9 - 10.11?

 

 

Highlighted
L3 Networker

Hi There, 

 

Tested 3.1.5 and 4.0.0 GP on windows ten and macbook {latest as at todays date}. Connect ok - ipsec and ssl. To PAN-OS 7.1.5 and the new 8.0.0. Xauth has issues if using loopbacks, recommendations is to use the gateway on non loopback interface. 

 

If using iphones or android phones am seeing some issues on 3.1.5 and 4.0.0 gp currently. Being researched atm.. 

 

Kind regards

 

Robert d 

Highlighted
L3 Networker

MPI-AE, we are using GP 3.1.3 and 3.1.5 on iOS phones, Windows 7 Ent, and Windows 8 Ent.

With no other 3rd party credential providers installed SSO works on the Windows machines without a problem.  The OS detection, user/group mapping, and HIP checks are all working correctly as well.

 

Unfortunately we are having problems with SSO with our drive encryption and other credential provider components.  As of yet we have not found a solution for that.

 

Brian

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!