06-24-2024 06:30 PM
According to the notes on globalprotect 6.3, CIE should now be compatible with the embedded browser, but I cannot get it to work.
I see the requirements for the feature is PANOS 11.2 or later - we use Prisma, so not sure if Prisma is not compatible with it?
Has anyone had any luck with Globalprotect + CIE + Embedded browser + Prisma? This is a feature I'd love to enable for my people, so there is one less browser popup they need to close when it auths with default browser.
06-25-2024 07:30 AM
@Davidboyes wrote:
According to the notes on globalprotect 6.3, CIE should now be compatible with the embedded browser, but I cannot get it to work.
I see the requirements for the feature is PANOS 11.2 or later - we use Prisma, so not sure if Prisma is not compatible with it?
Has anyone had any luck with Globalprotect + CIE + Embedded browser + Prisma? This is a feature I'd love to enable for my people, so there is one less browser popup they need to close when it auths with default browser.
I've not really looked into this, but I believe this already works...not sure why GP version 6.3 is needed.
I've got this setup:
Prisma Access (Panorama Managed) --> Prisma tied to CIE --> CIE pointed to Azure AD for auth --> GP clients software version 6.0.10 --> Users authentication via SAML auth (TLS1.3) to Azure AD via the CIE/Prisma Integration with embedded browser. This works seamlessly with no additional browsers popups. (Our Prisma dataplane is running 10.2.4, with the Prisma Access version at 4.0)
Is this not the type setup you're looking for? I described TLS1.3 problems in earlier GP client versions in this thread: https://live.paloaltonetworks.com/t5/general-topics/global-protect-application-blank-screen/td-p/561...
To your specific question though, if you're running Prisma is your dataplane already running 11.2? Just because you are on Prisma doesn't mean your dataplane is the correct version.
06-30-2024 08:57 PM
Thanks for the response! You are correct, you've described exactly what I'm after - its never worked for us, so I assumed it was not technically working with current versions.
I mentioned GP 6.3 because they announced with it that Embedded browser now works with CIE - but I'm seeing now that the article they link to says "6.2.3 or later".
I tried disabling TLS1.3 on my endpoint but had no difference in experience.
I've logged a TAC case for it, maybe I'm missing something obvious but their documentation for Prisma is so bad. (at least it is for Strata...)
07-18-2024 07:38 PM - edited 07-18-2024 07:49 PM
I've gotten confirmation in my TAC case that embedded browser isn't supported with Prisma currently. No ETA available
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
