This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Lost Sign-In Options on Logon screen

Hi, I've logged onto my machine (logon screen shows GlobalProtect Status - Connected), using GlobalProtect 5.2.5 client with machine based authentication in a virtual machine. The certificate is present on the machine and everything appears to be working ok. If I then log off and go back to the logon screen, the Sign-in options have disappeared ...

borito78 by L0 Member
  • 2512 Views
  • 0 replies
  • 0 Likes

GP 5.2.4 upgrade

Dears, I am planning to upgrade the Globalprotect version from 5.1.7 to 5.2.4. Do I need to push or reinstall SSL / TLS certificate when I am upgrading to GP 5.2.4 ? Also I am planning to push the GP software (*.msi files) from an SCCM server. May I know is this the best method. And any best practices available while pushing the GP client from ...

GlobalProtect Pre-Login with SAML + Azure MFA re-authentication issues

We currently have GlobalProtect deployed utilizing a combination of certificates (for pre-login) and SSO + SAML (to Azure AD) for user authentication. The SAML portion redirects the users to the Microsoft MFA portal for 6 digit authentication when they log in. This is working without pretty much flawlessly. The issue comes into play when a use...

Global Protect gateway isolation based on LAN checks

Dear all,Please see the design below , the idea is testing against IPs 172.16.158.1 (IPs of VLAN 161) using path monitoring + static route Can we add a path monitoring to an internal static route , that internal route monitoring reachability of 172.16.158.1 using as a source Interface a newly created loopback that we could associate with the ...

DPonsdesserre_0-1616680833522.png

GP traffic black holing / redundancy

Dear all ,One of my client is currently facing the below issue :"We have faced some traffic black hole situations with Global Protect users when we are loosing internal connectivity in a GP gateway.When firewall can no longer reach the LAN / internal connection because cable has been disconnected from TRUST interface or LAN , our WAN connectivit...

DPonsdesserre_0-1616667169386.png

Found VAPT vulnerabilities points for SSLVPN URL.

We have done the VAPT on our environment and found the vulnerabilities for the SSLVPN URL which we use. We had mitigated the maximum points but five points are remaining. So need help on that. 1. Password sent in Clear Text - CWE-319.Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To ex...

OsamaKhan_0-1616604463917.png

Global Protect user-pre-logon from Windows domain login first time user

I'm having an issue finding an all inclusive document that can help me validate my GP portal and gw config to allow new users who receive a domain joined laptop be able to log into the domain on receipt of the laptop current gw is pre-login with on-demandall laptop have machine cert installed from our domainfor purposes of the test I have a new ...

Resolved! GLOBALPROTECT WITH AN INTERNAL IP BEHIND INTERNET DEVICE

GlobalProtect set up on a firewall with an internal IP address sitting behind an edge Internet device Internet Router (2.2.2.2/24) > Internal Network > PAN ( 192.168.0.2/24) I'm using OS 9.0.13 internally i can connect (for testing purpose), but externally I get error server certificate error. I have associated certificate with FQDN ...

spiyaa by L1 Bithead
  • 3515 Views
  • 3 replies
  • 0 Likes

Resolved! Force GP client upgrade

Hi,Is there a way to force a client to upgrade their globalprotect version? I have set the update to transparent and this works when users boot up their computers and connect. The issue comes from users that remain connected and don't disconnect. Disconnecting their gateway session does not force the upgrade. I use always on vpn setting.

ce1028 by L4 Transporter
  • 15026 Views
  • 7 replies
  • 0 Likes

GlobalProtect using IPSec and a Site-to-Site IPSec VPN

I'm running a PA-500, PANOS 8.1.15-h3 and am trying to create a site-to-site IPSec VPN tunnel. It must run alongside an already configured GlobalProtect gateway where the GlobalProtect is also configured to use IPSec. Can these two VPN types exist on the same firewall at the same time? They would both be using the same outside interface to conne...

kkrause by L2 Linker
  • 3574 Views
  • 2 replies
  • 0 Likes

Host-ID Information is not captured for some by GP Agent

Hi Team, In Global Protect logs, for some of the MAC and Windows machine Host-ID information is not captured by the Agent what will be the possible cause for this and how to resolve this . Snap for Host ID not captured for some and captured for some for the same machine itself: Please let us know if you have thoughts on this below mentioned qu...

SahulH_0-1615293902039.png
SahulH by L3 Networker
  • 5755 Views
  • 4 replies
  • 1 Likes

Pre-Logon can't get IP address from IP pool

I created two agents for my internal gateway in GlobalProtect.One is for Pre-Logon and another is for Any users. I split a big IP address pool for them two.big pool: 10.224.0.0/20Split to : 10.224.0.0/21 and 10.224.8.0/21But no matter which one I assign to Pr-Logon, it will not get IP address when I restart PC.And Any users always can use anoth...

  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks