This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

Issues GP in Iphones

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Issues GP in Iphones

BigPalo
L4 Transporter

‎07-15-2025 01:22 AM

 

 

On iPhone, the  gw for SAML authentication does not open the system browser (Safari). It opens the embedded browser. We configured the "default browser" in APP config like YES. 

In android is working fine but no in iPhones. Why? any incompatibility?

 

On the other hand, we have a gateway using only certificate for authentication. In android is login only with cert without asking for users or pass, but in iPhone is asking for credentials. Why?

 

It seems like GP and Iphones relationship not good

 

Anyone with same issues?

0 Likes Likes
6 REPLIES 6

reaper
Cyber Elite
Cyber Elite

‎07-15-2025 02:55 AM

This should be supported (since GP 5.2, it does mention you may need to update pre-deployed settings)  but it requires an up-to-date content version and a recent GlobalProtect to work.

You could try setting up a (fresh, not  clone) profile specific to iOS/android devices to see if that changes the behavior

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

BigPalo
L4 Transporter
In response to reaper

‎07-15-2025 03:29 AM

Hi Reaper,

Yes, we are in 6.1 GP version.

This FW only has GP gateway license. No threats & apps or any more licenses. I dont know if we need another license to use content for this,

0 Likes Likes

BigPalo
L4 Transporter
In response to reaper

‎07-15-2025 03:48 AM

On Android and iOS endpoints, create a VPN profile by using the supported mobile device management system (MDM) such as Workspace ONE.
  • Log in to Workspace ONE UEM as an administrator.
  • Select an existing VPN profile (DevicesProfiles & ResourcesProfiles) in the list.
  • Select VPN to add a VPN profile.
    On Android endpoints, enter the Custom Data Key (use_default_browser_for_saml). Enter the Custom Data Value (true).
    On iOS endpoints, enter the Custom Data Key (saml-use-default-browser). Enter the Custom Data Value (true).

 

 

What if we dont have any MDM solutions? 

reaper
Cyber Elite
Cyber Elite
In response to BigPalo

‎07-15-2025 03:58 AM

you do need to keep the base content package updated, even if there's no TP license, as it also contains other minor updates

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

BigPalo
L4 Transporter
In response to reaper

‎07-18-2025 03:18 AM

OK but we dont have MDM. What would be the solution for IPhones?

0 Likes Likes

reaper
Cyber Elite
Cyber Elite
In response to BigPalo

‎07-29-2025 10:10 AM

The content package is downloaded and installed on the firewall, it doesnt require an mdm

Keeping the GP app updated is done via the appstore

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes
  • 933 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks