GlobalProtect, Working from Home, Prisma Access and Covid-19
cancel
Showing results for 
Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

GlobalProtect, Working from Home, Prisma Access and Covid-19

Community Team Member

To all, 

Just wanted to post a message about the Hot Topic right now, which is Covid-19. 

With all of this going around, everybody's health and safely is the utmost concern. Keeping your hands clean, washing your hands (A LOT), using hand sanitizers, and stop touching your face (I see you doing it now).

 

One of the things that is happening all over the place is telecommuting. Just like being safe in the real world, a VPN is a necessity when doing your work online. Palo Alto Networks has a couple of products that can help keep you secure online, which are GlobalProtect and Prisma Access.

 

GlobalProtect is the built-in VPN solution for our Strata (firewall) suite.

Prisma Access is our globally distributed cloud service that can automatically scale when your need increases. 

One of the advantages of using Prisma Access is that you do not need to deploy any new hardware to expand your capacity.

 

For GlobalProtect, our sales staff is available is to help your need for more hardware capacity.

For Prisma Access, we are offering free accelerated deployment and on-boarding of remote users.

Also, for any existing Prisma Access customers, we will be giving additional capacity to address increased usage at no additional cost for 90 days.

 

This is meant as a reminder for everyone that we have products to keep you secure.

Please send an email if you have any questions about increasing capacity to the following address:

rapid-response@paloaltonetworks.com

 

More Information:

Palo Alto Networks CEO, Nikesh Arora has put out a blog about this subject here:

Securely Connect and Scale Remote Workforces

 

For a list of Configuration and Troubleshooting articles, please see the GlobalProtect Resource List here:

GlobalProtect Resource List on Configuring and Troubleshooting

 

For any questions about licensing, please review GlobalProtect License requirements here:

GlobalProtect Licensing

 

Please check my Blog about this with more information, links and even videos here:

GlobalProtect and Prisma Access during COVID-19

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items!
41 REPLIES 41

Hi @Daniel_Li ,

 

Glad the article is helpful. I will review it and see if there is alternate option available which will provide us physical interface. If not, packet capture will be the most reliable method as specific in the document.

 

Thanks,

Nehal

Community Team Member

@Daniel_Li 

I would recommend that you create a new thread for this specific issue to either the GlobalProtect or General Topics discussion area, you will receiver faster response for posts like this there.

 

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items!

Just update all

 

Split domain on GP 5.1.0 has bug and release note mention it is fixed on 5.1.2 or 5.1.1. So far it works on some machines and other machine is not working 100% for example following domain is in excluded list

GP 5.1.1 or 5.1.2

*.zoom.us      -some GP client works and some does not

*.cisco.com   -some GP client works and some does not

speedtest.net  most of time this Domain traffic will send to physical adapter

 

Still not fix yet with Tech.

 

Daniel

Hi There,

I hope you are well. Great article at the link below..

https://live.paloaltonetworks.com/t5/general-articles/troubleshoot-split-tunnel-domain-amp-applicati...

Just on point 3, i cannot find the gpsplit logs within the globalprotect bundle. Either generating on a mac or a windows pc..
where can I find this log ?
split tunneling amazon aws is giving us hassle..

kind regards,

Rob

L1 Bithead

Hi,

This covers all GP related stuff.

Regards,
Thiru

I'd like to request that this information also be viewable in the GUI as well, maybe under "monitor"?

Hi @krankins,

 

Just to confirm, are you requesting that you should be able to review the split-tunnel configuration on GlobalProtect GUI as well ?

 

Thanks,

Nehal

Hi @rdonohoe23 ,

 

Thanks for the feedback. Actually gpsplit.log file is available as part of GlobalProtect logs bundle before GlobalProtect client 5.1.4 for macOS. After GlobalProtect client 5.1.4 and later, based on your macOS version you will either see gpsplit.log or PanNext.log [macOS 10.15.4 + GP 5.1.4 onwards]. For windows you can review PanGPS.log file. I will also update the document which you referred with this most current information. 

 

Thanks,

Nehal

 

Community Team Member

@krankins 

For any new features to be added, we recommend that you contact the Sales Group, as they are the ones who put in the Feature Requests.

North America Sales: 866-320-4788 or contact_sales@paloaltonetworks.com

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items!

L1 Bithead

We have 3 PaloAlto firewalls in 3 Datacenter as below

gp1.xyz.com
gp2.xyz.com
gp3.xyz.com

Currently around 600 users connected to a portal address "gp1.xyz.com"

We have created a new portal "gp-prod.xyz.com" which points to a load balancer and the LB performs health check of the 3 Gateways and routes traffic based on availability.

Our requirement is to change the portal address to "gp-prod.xyz.com" in all the 600 users.

When I edit the portal address at the below registry and make it "gp-prod.xyz.com" , it still doesn't change in the GP client.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup


Any suggestions on how the requirements can be met?

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!