This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Local Printing Non-Split Tunnel

Does any know if it possible to allow access to local network printing when you have Global Protect setup to route everything over the tunnel ("No direct access to local network" option enabled). I've been looking at the Exclusion section and see options to exclude Client Application, would this over ride the "No direct access to local network"...

CmpDR196 by L1 Bithead
  • 7921 Views
  • 3 replies
  • 0 Likes

certificate format from CA to clients and GP

Hello Team Our GP is running with users authenticating via AD account Now we are rolling out Machine certificate via Group Policy from our Microsoft CA server to all the Domain clients and then the goal is to enable certificate check in addition to AD authentication for Global protect corporate users My question is when Microsoft CA issues certi...

Documentation on Global Protect

Hello, I'm looking for documentation about Global Protect. The default help pages only summarize the menu options in the gui. Typically they contain no explanation about its context or purpose.Examples of things I really can't intuitively find about global protect:- Is it supported on an active/active firewall? - Are there any documents with exa...

Resolved! GlobalProtect with SecurEnvoy as a RADIUS Server

Hi everyone,I have got a customer who like to use his SecurEnvoy Server for RADIUS with global protect.I have done the configurations following this guide:https://www.securenvoy.com/en-gb/integration-guides/vpn-remote-access/palo-alto-ad-integrationThis dokument is outdated, we are using PAN OS 9.0.5 and GP 5.1.3 After some trial and error we go...

rwieseke by L0 Member
  • 3662 Views
  • 1 replies
  • 0 Likes

Global Protect Logs in CEF Format

Hi Everyone,I need to send Global Protect logs to Arcsight connector in CEF format.looking through all documentations of CEF configuration Guide that are available, there is nothing mentioned about Global Protect logs and how to convert them to CEF format.Anyone has an idea how to accomplish this ?

A.Kassis by L0 Member
  • 5553 Views
  • 3 replies
  • 2 Likes

GlobalProtect Mixed Gateway Always-On

Hi All, As per this article (https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-quick-configs/mixed-internal-and-external-gateway-configuration) if I set my portal to User Logon (Always-On), my internal gateway will try to connect, but my external will not (it will have to be done manually). This is what I wan...

Clientless VPN and HTTP Redirects

Hi I am attempting to use the Clientless VPN feature to give access to an internal web proxy server but have an issue where the Palo Alto is not rewriting URL's from a HTTP 301 Redirect. We use inginx/vouch as the proxy server to provide single sign on functionality to our web applications. Part of the process for this authentication is that i...

MAC Client with SAML fails for any version newer than 4.0.8

Hello. We run Global Protect VPN on a Palo 850 with SAML from OKTA and certificates from VMWare Airwatch. For any version of GP Client on the MAC newer than 4.0.8 the login fails. It does not prompt to select the certificate or for username and password. I have a case open, but so far no luck. I am wondering if anyone has seen this or has any id...

Global Protect Silent App Deployment

Hi Guys, I have implemented global protect with pre-logon with device certs. It is working as expected. I have customized GP msi to add the portal name and to install silently. However it looks like users need to add their username/password for the first time and after that users don't need to enter the credentials again. Is there anyway to auto...

Namalw by L1 Bithead
  • 5154 Views
  • 3 replies
  • 1 Likes

GlobalProtect Reporting Port Exhaustion on Win 10?

Anyone else seeing a lot of this lately? I've been researching this over and over again for about 2 weeks and all signs point to Windows being the culrpit, but the only time we ever see this happen is when users are connect to GlobalProtect. Here's the culprit log from GPS:connect failed with error 10055(An operation on a socket could not be pe...

VPN Access for Remote Desktop

Hello All, My organization is using Globalprotect VPN to access RD of office PCs from home. I have a slightly different requirement. I want to access my personal laptop from office. What I tried to do was connected VPN on my laptop and tried Windows Remote Desktop from office with both IP and preferred IP but it didn't detect the PC.Is there an...

Additional global protect portal and gateway

Hi We have a working user-logon always on GP setup using certificates to authenticate, but we would like to make some changes and go to prelogon, but with most of the company working remotely we thought we would play it safe and setup a second GP instance on our 820 to use as a testing environment, this is where things got interesting. As a test...

DF2020 by L0 Member
  • 3056 Views
  • 2 replies
  • 0 Likes

GlobalProtect adding machine cert authentication

Hi, We are currently using GlobalProtect with an auth profile that uses LDAP and DUO proxy. We now want to expand this setup with needing a machine certificate to be allowed to log on to portal/gateway so only company owned computers can log in. We created a new CA and machine certificate on our PA-820, then chose this new CA in a new cert profi...

Piggyback off Shibboleth SP for GlobalProtect portal/gateway Authentication

Hello, We have a shibboleth SP setup on our web server which has a discovery service built-in, so that users can authenticate against a number of different endpoints. Is there any way to carry over that configuration to a palo alto SAML authentication profile? The general sequence of events:1. User wants to access private webpage2. Redirected to...

hakasapl by L1 Bithead
  • 5321 Views
  • 4 replies
  • 0 Likes
  • 2062 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks