I have a portal/gateway working with Active Directory. Now I'd like to limit access to only members of a certain AD group. What is the best way to enforce that? Thank you.
Trying to get an LSVPN setup (GlobalProtect Satellite) working and getting this error when the Satellite tries to authenticate to the Gateway: "Missing Server certificate profile". I can't find any information on this error anywhere. [Edit: CLI logs show this is actually "Missing Satellite certificate profile". However, I still can't find any...
Is a special license required for performing HIP checks on clients trying to connect with Global Protect to the PAN?I see the PAN has Premium, Threat Protection, Wildfire and PAN DB URL presently.
I'm using Google as my IDP to authenticate access to Global Protect for the bulk of my users. I have a second gateway/portal that is just local users/groups and I have policies that restrict their access, and I want to mimic that with my main PortalGateway. Ideally I want to pass an attribute to PA that says this person gets this access. I am f...
Hello,How can I remove global protect and its restrictions?I was able to remove it, but it gets reinstalled again by itself.Thanks
We're using these versions (Yes, we need to upgrade, but other priorities at the moment)PANos 8.1.14Global Protect client 5.2.1 We're currently usingOn-Demand, which is working. We used this page with the only difference is we're using AD Authentication.https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClH2CAKNow we want ...
Is there a way to restart the Globalprotect module? PC and Mac users on Globalprotect are unaffected, its only on mobile devices.This suddenly stopped working this morning. I even tried manually setting the DNS in the VPN profile to our internal DNS but is still not resolving. This is happening to all clients starting this morning.
When setting up a portal or gateway there is a place to configure authentication - say with LDAP or other. What is the relationship between the portal and gateway from the perspective of authentication? Obviously you'd want users to just log in once.
When I am trying to connect with VPN then its throwing below error and after that a blank popup for login window comes, earlier in the login popup it asks for username and password,
Using PanOS 9.1.10 and GP Client 5.2.8We have Okta authentication set up and working on our GP portals, but a strange issue was causing failures for quite a while, and we couldn't figure it out even working with Palo Alto tech support for many days. The issue was that authentication would succeed, and then the GP agent would tell us, "You are n...
Hi! An exciting start to the day - a security policy with a HIP profile ("compliant" - basically running an approved os) that previously worked fine, stopped working for a random selection of people and rapidly became less random and more universal. After ripping out that requirement (so my phone wasn't making quite so much noise), dug into what...
https://publicIP/global-protect/getsoftwarepage.esp This portal is available now publicly even without login. Anyone can access the portal without login and download the client.Is it possible to restrict this page to login users only.
Our VPN users are complaining that after being connected for over 1 hour they get disconnected by global protect. They have to close global protect and reopen to connect back. We have remote customer service agents that get disconnected up to 4 to 5 times a day. We are running global protect version 2.3.3-5. We have opened a ticket with supp...
Is it possible for PA local users to change their password themselves. Global protect VPN users needs to have option to change their password, rather than admin setting the password.
Hi Team We have a GP portal vpn.example.com which is hosted on a physical NGFW where we use SAML for authentication.Now we want to move it to cloud, hence we have to generate a new SAML for this portal IP with the FQDN vpn.example.com.We want to use the same FQDN for GP portal on cloud. I am not sure about the IDP (SAML) side configuration but ...
BPry
on:
MacOSX Tahoe 26.4.1 (25E253) / Global Protect 6.3.3: Network is unreachable
