This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Global Protect After Prelogin the switch to user is not changing IP networks

We are using machine and user certificates from a windows server 2016 CA. to authenticate when using Global Protect.Step one is the prelogin connections and it works as intended. The IP address is assigned on 10.1.1.0/24 network.Once the user logs into the computer it is configured as always on VPN then switch to user certificate for the user V...

Connect to (2) different PAN environments at the same time

Hello all, Does Global Protect allow for making two concurrent connections to different environments at the same time? We have (2) pairs of PAN's in different data centers (on different subnets) and have a need for connecting to both environments at the same time. In the past we have used OpenVPN prior to migrating to PAN's. Is this possible ...

STI_IT by L0 Member
  • 3880 Views
  • 2 replies
  • 0 Likes

Global Protect client - Log file size

Hello, We have just rolled out Global Protect on our workstation & mobile clients, and are starting to run into a bit of a problem.It seems that on some of the machines, the file : pangps.txt (log file) just keeps on growing.Now, in itself it's normal that the size increases a bit over time but we have had some machines where the log file be...

GlobalProtect 5.1.8 couldn't save username & password

I am using globalprotect vpn to my company. I would like to know how to save username & password?You can save it if you use older version (4.x) but you can't is you upgrade to 5.x.Windows 10 + GlobalProtect 5.1.8I could not find out how to save username & password after upgrading to 5.1.8.

RojerChen_1-1623739795174.png
RojerChen_0-1623739716499.png
RojerChen_2-1623740014833.png

Resolved! Setting up pre-login. Second Gateway totally necessary?

Hi I am trying to setup pre-login for my company I see I need to setup self signed certs and install them on all the clients but everything I have read says I need two separate global protect gateways setup. Can I not just setup the gateway we are already using and convert it to pre-login? Would doing this cause an issue?

GP connection Error

(T21400)Debug(1158): 06/10/21 17:58:32:971 SPStop is called(T21400)Debug( 783): 06/10/21 17:58:32:983 PreviousDNSInfo doesn't exist, no need to restore(T21400)Info ( 552): 06/10/21 17:58:32:983 not call uninstallClientConfig, netSetup=000001EBBD0BF770, clientConfig=000001EBBDC6E730, panMSService=000001EBBDA6B610, panMSService->IsConfigInstall...

VPN_Connection_Error.jpg

Global Protect saml autentication and azure ad configuration

Hi, I have configured gp with saml autentication; my azure ad connector is configured for hash pass synchronization. I noticed that gp always authenticates me regardless of whether the password has expired or not. there is no way to force me to change the password from the 365 screen? do i need to configure pass through autentication? Thank you

Ale666 by L0 Member
  • 2135 Views
  • 0 replies
  • 0 Likes

Resolved! Friendly Re-authentication

Hi folks,We have a number of users trialling our new Global Protect setup and it appears a small number are workaholics.We have the authentication window set at 10hrs (its Radius with TOTP) - and the authentication cookie also expires after 10hrs. From the user perspective, at the 10hr mark, all connectivity is cut and interactive apps (ssh for ...

GN_ROS by L1 Bithead
  • 6522 Views
  • 3 replies
  • 0 Likes

Trouble with HIP checks for Anti-Malware

Hi Community!I have some issues getting HIP checks to work on a PA820.Have configured a couple Objects that checks whether the Cortex XDR agent or Windows Defender is installed/enabledAnd have them added to a profile that I have added to the GlobalProtect Gateway.This seems to be working fine on a LAB-PA220 - triggers whenever Cortex XDR is not ...

pasmartin_0-1622111654042.png
pasmartin_1-1622111671636.png

GP 5.2.6 - Post-VPN-Connect error

Hi Just wondering if anyone is seeing this issue by chance on windows with post-vpn-connect on GP 5.2.6 I am pretty sure it worked fine with older versions... but we have had other bugs with the older client so can't really roll back Scenario 1 - If a machine is rebooted the behaviour we see is the post connect command is called however it erro...

rajjair by L2 Linker
  • 2867 Views
  • 1 replies
  • 0 Likes

Resolved! DNS lookup takes a long time with GP

GlobalProtect Gateway is being used, and all traffic is being routed to the firewall except for some network. DNS lookup takes a long time when I input the domain (website which not in the PC DNS table) that the browser accesses first while connected to a VPN- DNS Lookup time takes about 5-10 seconds The DNS server is using an internal server, a...

Jinnypt by L1 Bithead
  • 12834 Views
  • 12 replies
  • 0 Likes

DIfference between Inactivity Logout and Disconnect on Idle

Hi All, We want GP users to get automatically logged out after 30 minutes. We had changed the "disconnect on idle" value in the connection tab to 30 minutes and then checked after 30 mins for GP Client logout. But the GP Client is still connected to the gateway(Using on-demand user logon). After going through the Palo Docs we found out that no t...

  • 2079 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks