This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

GlobalProtect Pre-Logon Prompting for User Certificate

We have GlobalProtect Pre-Logon working with machine certificates however once the user logs into their laptop they are also prompted with thier User Certificate each time. There internal CA does issue machine and user certificates. Is there a way to disallow the User certificate prompt? Do we need to also use User certificates along with machin...

CVE-2025-0141 GlobalProtect App: Privilege Escalation (PE) Vulnerability

Hi Experts, In description it says, "An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect App on enables a locally authenticated non administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows.". Since locally authenticated non administrative user is mention...

Automatic deployment of GlobalProtect for Mac via Intune

My Company uses Intune for Mac management, and we are trying to automate as many app deployments as we can. Right now, I am hung up on GlobalProtect. I have already created a line-of-business app using the .pkg provided by Paloalto for GlobalProtect. The issue I am running into however, is the fact that the installer has multiple options; 1. Ins...

kinits by L0 Member
  • 16539 Views
  • 11 replies
  • 1 Likes

Globalprotect end users are receiving default route (0.0.0.0) but it is not configured to do that

Hello masters,I need your help on how to troubleshoot an issue related to global protect. On our Access routes, no 0.0.0.0 are configured.We wanted to let users use their local gateway for any traffic destined to the internet.But they are receiving the 0.0.0.0 in their RoutePrint resulting to traversing their any traffic to the VPN.This is clogg...

Resolved! Global Protect 6.2.X, HIP Match and Fedora 41

Hello everyone, I am opening this discussion due to a "compatibility" issue between Fedora 41, the 6.2.X GlobalProtect client and the HIP match function. In our organization we are planning to move from GlobalProtect 6.1.X to 6.2.X. We collect posture data from the GlobalProtect clients and evaluate them against some HIP Profiles (such as patch-...

Resolved! GP Alert - Error code 44 - Invalid authentication cookie

Hi, all of our users seem to be successfully connected to GP, however, I am receiving the alerts like below (I've only removed/amended some sensitive information). Can anyone shed some light on this Error 44 and invalid authentication cookie? Anything I should be worried and anything I should/could do to rectify this? Thanks, G receive_time: 2...

GlobalProtect localDb auth change password

Hi, I want to configure global protect to authenticate with localDB users. My doubt is if its possible to change the password for the different users when they connect with GP the first time. We would need local users accessing the GP to be able to manage password changes themselves. Is that possible? what config should be done? Thanks

BigPalo by L4 Transporter
  • 1063 Views
  • 2 replies
  • 0 Likes

Default route using split by domains

I need to add this domain "*microsoft.com" in order to go into the tunnel but then i add the domain the GP config adds 0.0.0.0/0 route into the tunnel. Is there any way to avoid/deleted default route when you add any domain in split tunneling?

BigPalo by L4 Transporter
  • 968 Views
  • 1 replies
  • 0 Likes

HIP Check reports fail to send to internal gateway following internal gateway certificate change or patching of firewall

Hi all, we've recently had a couple of issues which have caused us to investigate client Global Protect connectivity issues. The first was off the back of the recent security patching of our firewall HA pair. The second was after replacing the internal gateway certificate on the firewall HA pair. We run an Active/Passive pair on 9.2.6-h3 Globa...

timspenc by L1 Bithead
  • 3531 Views
  • 7 replies
  • 0 Likes

GlobalProtect - reject logon attempts for GP versions less than X

We get a lot of drive by logon attempts to GP that I'd like to reject at the start and I've noticed a good number lately are showing a Windows client specified with version 6.2.1. Is there a way to reject GP logon attempts such that 6.3 or greater is required? I didn't see a HIP specification for the GP Version but I may have missed it. I'd e...

Prefered GlobalProtect releases

I have two problems.1. I have trouble checking the preferred globalprotect releases.Similar questions have been asked before (for example: https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-preferred-release/m-p/462965#M2426), and the answer is: https://live.paloaltonetworks.com/t5/customer-resources/pan-os-globalprotec...

dkoshin by L0 Member
  • 1449 Views
  • 1 replies
  • 0 Likes

GP 6.3.3 Not uninstalling old versions

We have had multiple Windows users where the installation of 6.3.3 does not uninstall the old GP version. This causes an upgrade loop for the users. This is both for Transparent and manual installations. The only fix we have identified is to completely uninstall the old version and then install the new. The issue with this is that most of ou...

TomCole by L1 Bithead
  • 1581 Views
  • 4 replies
  • 0 Likes

Global protect gateway is reusing cached HIP reports by default if no HIP report is received at login

Dear all, We experienced a strange issue recently where a client of ours reported a connectivity issue (not related to HIP, but related to a firewall rule). When we tried to find the client in the recent HIP logs we noticed its last HIP report was from a few months earlier. In the security logs the client was visible as connected that day. We...

  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks