This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Resolved! SAML Testing

We have SAML for GlobalProtect setup and working on our test PA firewall and cannot be used for production.Our goal is to configure our production firewalls to use SAML for GlobalProtect and limit specific AD groups for testing until we make SAML global. I know SAML can't be used in an Authentication Sequence, and adding a Client Authentication ...

Exclude Video Traffic - Global Protect

Hi there, We've setup our global protect to exclude all video traffic, using this guide: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-gateways/split-tunnel-traffic-on-globalprotect-gateways/exclude-video-traffic-from-the-globalprotect-vpn-tunnel.html The firewall has all the relevant licenses required (GP...

Global Protect HIP Policies

I would like to configure the HIP Policies which will match the Domain name of Windows Clients, if VPN connections do not match the HIP policy then VPN Connection should get disconnect with the notification. Please help me how can we achieve this?

Shashihm by L1 Bithead
  • 1982 Views
  • 0 replies
  • 0 Likes

I got an error while uninstalling GlobalProtect

hi, all I had a working version of the 64 bit Windows version of GlobalProtect installed on my secondary hard drive on my Windows 10 laptop. My hard drive completely failed recently, disappearing from Windows. GlobalProtect still showed up in the Add or Remove programs list but I could not uninstall it as it said there were files missing. I tri...

Resolved! GlobalProtect App for Android on Managed Chromebooks Using the Google Admin

Hi we want to deploy Global-protect app for Android on managed Chromebooks using Google admin console.Requirement: every device needs to be uniquely identified and then allowed. Kind of a device whitelisting for example Host id for windows.Problem 1: when the GP app running in Android container on a Chromebook managed by google admin console, my...

lrangra by L1 Bithead
  • 7530 Views
  • 4 replies
  • 0 Likes

GlobalProtect upgrades & issues on DHCP option 43 code

Hello All, Since last year, we are using GlobalProtect 5.0.4 along with DHCP options 43 to detect the Internal GP GW FQDN. The GP client then connects to the branch office GP GW and pushes the User-ID - as it should. Since I updated our main PA 5520 cluster to PAN OS 9.1, I also upgraded a newer version of GlobalProtect (v.5.1.1 and then v5.1.2)...

Rievax by L2 Linker
  • 5691 Views
  • 3 replies
  • 0 Likes

Resolved! 2FA for SSLVPN User.

Hi Guys, I want to achieve 2FA for SSLVPN user, for 2FA the vendor is SafeNet.Does Palo Alto supports SafeNet for 2FA and if does how can we Configure it. Many thanks in advance. Regards,Osama.

Local Printing Non-Split Tunnel

Does any know if it possible to allow access to local network printing when you have Global Protect setup to route everything over the tunnel ("No direct access to local network" option enabled). I've been looking at the Exclusion section and see options to exclude Client Application, would this over ride the "No direct access to local network"...

CmpDR196 by L1 Bithead
  • 7993 Views
  • 3 replies
  • 0 Likes

certificate format from CA to clients and GP

Hello Team Our GP is running with users authenticating via AD account Now we are rolling out Machine certificate via Group Policy from our Microsoft CA server to all the Domain clients and then the goal is to enable certificate check in addition to AD authentication for Global protect corporate users My question is when Microsoft CA issues certi...

Documentation on Global Protect

Hello, I'm looking for documentation about Global Protect. The default help pages only summarize the menu options in the gui. Typically they contain no explanation about its context or purpose.Examples of things I really can't intuitively find about global protect:- Is it supported on an active/active firewall? - Are there any documents with exa...

Resolved! GlobalProtect with SecurEnvoy as a RADIUS Server

Hi everyone,I have got a customer who like to use his SecurEnvoy Server for RADIUS with global protect.I have done the configurations following this guide:https://www.securenvoy.com/en-gb/integration-guides/vpn-remote-access/palo-alto-ad-integrationThis dokument is outdated, we are using PAN OS 9.0.5 and GP 5.1.3 After some trial and error we go...

rwieseke by L0 Member
  • 3703 Views
  • 1 replies
  • 0 Likes

Global Protect Logs in CEF Format

Hi Everyone,I need to send Global Protect logs to Arcsight connector in CEF format.looking through all documentations of CEF configuration Guide that are available, there is nothing mentioned about Global Protect logs and how to convert them to CEF format.Anyone has an idea how to accomplish this ?

A.Kassis by L0 Member
  • 5598 Views
  • 3 replies
  • 2 Likes

GlobalProtect Mixed Gateway Always-On

Hi All, As per this article (https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-quick-configs/mixed-internal-and-external-gateway-configuration) if I set my portal to User Logon (Always-On), my internal gateway will try to connect, but my external will not (it will have to be done manually). This is what I wan...

Clientless VPN and HTTP Redirects

Hi I am attempting to use the Clientless VPN feature to give access to an internal web proxy server but have an issue where the Palo Alto is not rewriting URL's from a HTTP 301 Redirect. We use inginx/vouch as the proxy server to provide single sign on functionality to our web applications. Part of the process for this authentication is that i...

MAC Client with SAML fails for any version newer than 4.0.8

Hello. We run Global Protect VPN on a Palo 850 with SAML from OKTA and certificates from VMWare Airwatch. For any version of GP Client on the MAC newer than 4.0.8 the login fails. It does not prompt to select the certificate or for username and password. I have a case open, but so far no luck. I am wondering if anyone has seen this or has any id...

  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks