This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Resolved! GLOBALPROTECT WITH AN INTERNAL IP BEHIND INTERNET DEVICE

GlobalProtect set up on a firewall with an internal IP address sitting behind an edge Internet device Internet Router (2.2.2.2/24) > Internal Network > PAN ( 192.168.0.2/24) I'm using OS 9.0.13 internally i can connect (for testing purpose), but externally I get error server certificate error. I have associated certificate with FQDN ...

spiyaa by L1 Bithead
  • 3468 Views
  • 3 replies
  • 0 Likes

Resolved! Force GP client upgrade

Hi,Is there a way to force a client to upgrade their globalprotect version? I have set the update to transparent and this works when users boot up their computers and connect. The issue comes from users that remain connected and don't disconnect. Disconnecting their gateway session does not force the upgrade. I use always on vpn setting.

ce1028 by L4 Transporter
  • 14852 Views
  • 7 replies
  • 0 Likes

GlobalProtect using IPSec and a Site-to-Site IPSec VPN

I'm running a PA-500, PANOS 8.1.15-h3 and am trying to create a site-to-site IPSec VPN tunnel. It must run alongside an already configured GlobalProtect gateway where the GlobalProtect is also configured to use IPSec. Can these two VPN types exist on the same firewall at the same time? They would both be using the same outside interface to conne...

kkrause by L2 Linker
  • 3550 Views
  • 2 replies
  • 0 Likes

Host-ID Information is not captured for some by GP Agent

Hi Team, In Global Protect logs, for some of the MAC and Windows machine Host-ID information is not captured by the Agent what will be the possible cause for this and how to resolve this . Snap for Host ID not captured for some and captured for some for the same machine itself: Please let us know if you have thoughts on this below mentioned qu...

SahulH_0-1615293902039.png
SahulH by L3 Networker
  • 5690 Views
  • 4 replies
  • 1 Likes

Pre-Logon can't get IP address from IP pool

I created two agents for my internal gateway in GlobalProtect.One is for Pre-Logon and another is for Any users. I split a big IP address pool for them two.big pool: 10.224.0.0/20Split to : 10.224.0.0/21 and 10.224.8.0/21But no matter which one I assign to Pr-Logon, it will not get IP address when I restart PC.And Any users always can use anoth...

traffic not following the route

Hello We have set split tunnel for our Win10 clients, GP is version 5.1.6 and 5.2.5. PAN-OS is 9.1.7.- default route to firewall- bypass tunnel for some network ranges (e.g. MS-Teams)- bypass tunnel for some URLs (e.g. MS-Teams)- enable DNS-Split For a small fractions of the users I see the MS-Teams traffic sent back to the firewall (expected wa...

GlobalProtect 5.2.4 disconnects when unlocking screen

Seeing some interesting behavior with GP 5.2.4. On Windows 10 1909, GP disconnects when locking then unlocking the desktop.To reproduce:- Connect to your gateway then lock the desktop. Leave the desktop locked for a minute or two.- While locked, the device maintains an active tunnel. This is confirmed by pinging the assigned tunnel address and “...

sampley by L1 Bithead
  • 17402 Views
  • 10 replies
  • 3 Likes

HIP check is slow

Anybody else experiencing slowness with HIP check? Our clients establish an initial connection very quickly (about 5 seconds). But then the process of doing the HIP check actually takes an additional 40-50 seconds. I can clearly see in the logs that the HIP check takes this long to occur, and so users aren't able to access certain resources u...

buck1 by L1 Bithead
  • 5564 Views
  • 4 replies
  • 0 Likes

Globalprotect pre-logon then MFA using SAML Pre-logon doesn't re-connect when user re-star the computer.

Hi, I'm hoping to get help from you guy's. My client set up a pre-logon then MFA using SAML. Pre-logon works fine when end user start their computer, however, when they re-start their computer, pre-logon doesn't connect itself, user has to enter their credentials manually. Please let me know if you need me to upload the gp logs. Thanks.

  • 2062 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks