Separating users in saml authentication via okta

Hello.

We are configuring to run gp by authenticating with okta and saml.

There is no difficulty in using gp with authentication, but there is one problem.

I plan to allocate an ip pool for each user, but gp gateway cannot allocate an ip pool for each

Avoid GP Portal to forward user name to external gateway

Hi everyone, 

I bumped into a rather annoying issue with Global Protect.

Context:

We needed and external authentication source for MFA with our Global Protect deployment, so we set up OKTA SSO (with SAML) for our Global Protect Portal. In order to Gr

Linux client wayland support (icons, statusbar) and packages for different Linux distributions

Greetings Palo Alto!

I'm having PA Globalconnect at work and, to be fair, the official client is so bad that I have to use opensource compatible version "openconnect". Sometimes this is not recommended by companies; so:

1) Please make the Wayland tray

GlobalProtect - "Refresh Connection" API call via DLL/etc

Is there an API or any documentation on how to call the GlobalProtect "Refresh Connection" function from external code? I want to be able to call this function from custom external code.  The reason why is to fix a connection issue we are having thro

Global Protect 5.2.6-87 Not able to see all folders on DFS file shares

We have some users who cannot see and processes cannot access some of their folders on a DFS file share when they are on the GP VPN, but they can see them when they revert to our previous VPN (we are just rolling out GP now).  They do not have offlin

Global Protect PANGP Virtual Ethernet Adapter disabled after Jun21 MS Security patches. (KB5003974 suspected)

Starting after Microsoft Cumulative and Security updates released in June 2021, our users have been experiencing issues where they are unable to connect to Global Protect after resuming from a reboot or sleep. The blue "connect" button is present, an

Global Protect does not connect on First attempt

Hi Community,

We have few users where GP does not connect on first attempt.

User need to try few times to make it work.

We are using  GP 5.2.5 and PAN OS 9.1.8

Firewall i do no see logs for unsuccessful connection.

We are using Pre-logon then on demand.

Hibernate message in GP logs

What does below log mean

P5168-T2376)Debug(6561): 07/15/21 08:14:19:956 NetworkConnectionMonitorThread: m_state = 0, m_bOnDemand=1, m_bAgentEnabled=1, m_bJustResumed is 1,
m_bHibernate is 0, m_bAgentEnabled is 1, m_bDisconnect is 0, IsConnected() is 0

GlobalProtect gateway limit

We have a pair of PA-850 firewalls, and we are running into an error when pushing configuration from Panorama that contains 7 GP gateways (6 external and 1 internal), and 6 portals.

. global-protect -> global-protect-gateway -> GlobalProtect AlwaysOn

MFA and Windows Store app

My company has allowed the use of the Windows Store app for the past few years and it has been very handy for deployments. We are  moving to MFA for VPN in the near future. Just wondering if the Windows store app will ever support that  or if we need

creating split tunnel on full tunnel enforcement

Hi

We’ve recently discovered that the Mac GlobalProtect client does not terminate existing network connections after full tunnel with no access to local network is established. This is reproducible In the following procedure:

1. Disconnect from VPN
2. Connec

Multiple Class C addresses PA setup

I’m configuring a PA3220 for three external class C addresses we own (192.168.10.0/24, 192.168.11.0/24, and 192.168.14.0/24). We have two ISP Internet connections on two different campuses. We are using trunking to carry the different VLANs, so the o

Send Logs from GlobalProtect App on iOS managed via Intune

Does anyone else have issues on iOS sending logs from the GlobalProtect client to email when the device is managed via Intune?

We manage our devices via Intune and use the MS Outlook app for email.  We are having an issue with the GlobalProtect app a