This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Resolved! Global Protect pre-logon then on-demand configuration

We're using these versions (Yes, we need to upgrade, but other priorities at the moment)PANos 8.1.14Global Protect client 5.2.1 We're currently usingOn-Demand, which is working. We used this page with the only difference is we're using AD Authentication.https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClH2CAKNow we want ...

Globalprotect mobile clients unable to resolve DNS

Is there a way to restart the Globalprotect module? PC and Mac users on Globalprotect are unaffected, its only on mobile devices.This suddenly stopped working this morning. I even tried manually setting the DNS in the VPN profile to our internal DNS but is still not resolving. This is happening to all clients starting this morning.

Resolved! AD Authentication GP Portal versus Gateway

When setting up a portal or gateway there is a place to configure authentication - say with LDAP or other. What is the relationship between the portal and gateway from the perspective of authentication? Obviously you'd want users to just log in once.

Using Okta Auth for GP Portal fails at Config Selection Criteria

Using PanOS 9.1.10 and GP Client 5.2.8We have Okta authentication set up and working on our GP portals, but a strange issue was causing failures for quite a while, and we couldn't figure it out even working with Palo Alto tech support for many days. The issue was that authentication would succeed, and then the GP agent would tell us, "You are n...

CMcGraw by L0 Member
  • 3780 Views
  • 0 replies
  • 0 Likes

HIP Data Not Being Collected

Hi! An exciting start to the day - a security policy with a HIP profile ("compliant" - basically running an approved os) that previously worked fine, stopped working for a random selection of people and rapidly became less random and more universal. After ripping out that requirement (so my phone wasn't making quite so much noise), dug into what...

Global Protect disconnects several times a day

Our VPN users are complaining that after being connected for over 1 hour they get disconnected by global protect. They have to close global protect and reopen to connect back. We have remote customer service agents that get disconnected up to 4 to 5 times a day. We are running global protect version 2.3.3-5. We have opened a ticket with supp...

User password change

Is it possible for PA local users to change their password themselves. Global protect VPN users needs to have option to change their password, rather than admin setting the password.

ceapen01 by L2 Linker
  • 4237 Views
  • 1 replies
  • 0 Likes

VPN portal migration to Cloud

Hi Team We have a GP portal vpn.example.com which is hosted on a physical NGFW where we use SAML for authentication.Now we want to move it to cloud, hence we have to generate a new SAML for this portal IP with the FQDN vpn.example.com.We want to use the same FQDN for GP portal on cloud. I am not sure about the IDP (SAML) side configuration but ...

Query with generating Wild card certificate for GP Portals/Gateway on the firewall for requesting CSR with GoDaddy CA

Hi All, We are having 3 ISP's and one GP Portal/Gateway pair configured on each of the ISP interface total of 3 GP Portal/Gateway on the single firewall all are accessed by FQDN name We had bought 3 domain names from Go Daddy for all of our 3 ISP IP's namely (for example : ISP 1 IP - a.vpn, ISP 2 IP - b.vpn.com, ISP 3 - c.vpn.com) and using it i...

tamilvanan_0-1632548703763.png

Resolved! AzureAD Group Mapping for GP

Hello, We're currently implementing GlobalProtect with SAML Authentification to AzureAD only (no hybrid) based on groups for easier management. Example :Groupe1 is given an IP_Pool1 IP with access to subnet1Groupe2 is given an IP_Pool2 IP with access to subnet 1 and 2 As of today, we didn't find any way to do it properly and from what we've seen...

GP_VPN Disconnection Issue

Hi All, We are having two ISP connections and configured an GP Portal/Gateway on each ISP connections(Primary Portal/GW on ISP 1 and Secondary GP Portal/GW on ISP 2). On firewall the ISP 1 is configured as default route and ISP 2 is configured as back-up default route and path monitoring configured on ISP 1. We could see in the system logs that...

Global Protect at a IPsec S2S branch office

Hi allWe have a load of small branch offices that terminate at our azure Palo Alto gateway over an IPsec tunnel (via a Draytek router). This all works and allows printing & RDP to onprem services. We also have the Global Protect gateway on the same Palo Alto albeit on a separate subnetWe are starting to pilot win10 devices with global protec...

benslade by L1 Bithead
  • 2069 Views
  • 0 replies
  • 0 Likes

Exclude Zoom from GlobalProtect

Hello, I'm working on excluding Zoom from GlobalProtect. I came across this articlehttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPDSCA4&lang=en_US%E2%80%A9 For windows, there is an error, instead of excluding %AppData%\Roaming\Zoom, you just need to use %AppData%\Zoom, as %AppData% already takes you into the roa...

  • 2079 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks