- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
Unable to share Microsoft Whiteboard when connected to Global Protect
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Unable to share Microsoft Whiteboard when connected to Global Protect
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Unable to share Microsoft Whiteboard when connected to Global Protect
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-12-2019 03:08 PM
I don't see any drops and suspect it is failing with connecting via authentication or something along those lines. Works fine but as soon as a user connects to GP, whiteboard sharing no longer works. Curious if anybody else has run into this?
Thanks!
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-13-2019 04:29 AM
Hi @jhwarren ,
You need to provide more information, with this poor explanation of the problem it is shooting in the dark.
- Do you use full tunnel or split-tunnel VPN?
- How is you security policy look like? Do you allow specific ports or using AppID?
- How is you GP gateway configured - are you route the traffic base on route, domain or application?
- Have you understand how whiteboard is working? Do you know what port, protocol is used? From which direction the traffic is initiated - is it possible that you need rule allowing traffic from inside to GP VPN?
You need to understand that GlobalProtect is just building logical connection from the user PC to the firewall, after that is down to basic network principles - do you have route, do you have fw rule allowing traffic, do you have reply routed back.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-02-2020 12:33 PM
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43805
We're running into this issue as well but here's what I was able to dig up. Issue likely is related to the Microsoft NLA & NCSI protocols mentioned above. All the rest of our MS products seem to work except MS Whiteboard. I have a hunch that it has been fixed for other MS Products as the person who brought it to our attention stated, "OneNote had the same issue and was fixed some months ago." There was no intervention from us or anyone else that I'm aware.
Fails on both GP Split-Tunnel and Full Tunnel (we have both) set to loopback interfaces, Default Gateway 0.0.0.0. It works on our Anyconnect VPN client which has a numbered Default Gateway.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-02-2020 01:56 PM
Hello,
Its probably an application that is missing or the traffic is being decrypted. Either way make sure you have logging enabled on all of your policies to see where the traffic is getting blocked or decrypted.
Regards,
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-21-2020 04:46 PM
If something is missing, it is not obvious -captures match-up and nothing is dropped that is apparent, I've compared captures from the PA with and without GP and they are similar, so no smoking gun on that front. Given the previous comment of somebody else who is also seeing this, their explanation sounds plausible. Thanks for giving it a think!
John
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-21-2020 04:52 PM
Hello Alexander,
I was vague by intent - I was looking to see specifically if anybody (besides me) was seeing this issue with regards to GP. The reply from a user who also is experiencing this is what I was looking for. I'd also be interested if anybody is using GP and whiteboard does work under that scenario, for what it's worth.
We have a full sweet of cloud-services in-use from Microsoft and this is the only one that has given us any challenge. The usual captures, debugs and such have all failed to produce any reliable leads towards figuring this out.
I appreciate the response - I have looked through and compared a working client and non-working client and nothing jumps out in the captures. I created custom policies and wired them for sound (in terms of logging 🙂 ) and again no useful info revealed itself in those.
How it works is a challenge - I am waiting on MS to weigh-in on that front but I may have a while before I hear back from them 🙂
Thanks for your insight,
John
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
02-27-2020 04:38 AM
I don't suppose you found a solution to this by chance did you? I have the same issue at present.
Cheers.
Tony.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
02-27-2020 04:09 PM
Not yet - the ticket with MS premier support is now at Tier-2 and they have asked for some diagnostics to be collected to help them analyze the issue (a 16-step process using Fiddler and a couple of other tools). I'll update once they respond to the information provided.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
02-28-2020 07:51 AM
Ah great, thanks for the update - that sounds like a real pain, so I won't go down that route just yet unless you find yourself at a dead end!
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-25-2020 04:57 AM
This Microsoft article might be helpful as we have run into the same issue and are going to add RFC1918 addresses [intranet space] to the GPO
- GP uses Microsoft Account connected to Windows 11 User | Can't declare actual VPN User in GlobalProtect Discussions
- Prevent users to use outlook email from public network in Panorama Discussions
- Not Able To Access Microsoft Store in Prisma Access Discussions
- WMI On server 2022 for USER-ID in General Topics
- WMI access denied in System Logs but Device > User Identification shows connected on all DC's in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
