This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Gateway side not seeing Satellite published subnet

I've just set up a PA-850 as a satellite to my main 3050 and the connection seems good. All the subnets published by the Gateway can be seen by systems on the Satellite side. However, the subnet being published by the Satellite can't be seen on the Gateway side. According to the Satellite Info section of the GP Gateway, it does see the satellite...

Resolved! Global Protect Certificate Authentication

Hi Team, We are using self signed certificate for user authentication signed by self-signed CA cert on Palo Alto for our global protect. does my understanding below is correct regarding certificate expiration/renewal. 1. if CA cert expired while user cert still valid, user does not need to install renewed CA cert.we can renew the CA cert on palo...

L1_ENG by L1 Bithead
  • 4766 Views
  • 2 replies
  • 0 Likes

Resolved! Stack overflow in PanGpHipMp.exe

On my laptop, I'm receiving the following crash notifications in my Windows EventLog about 2-5 times a day. Faulting application name: PanGpHipMp.exe, version: 5.0.8.4, time stamp: 0x5e28f98d Faulting module name: PanGpHipMp.exe, version: 5.0.8.4, time stamp: 0x5e28f98d Exception code: 0xc00000fd Fault offset: 0x00000000000248b7 Faulting process...

i3vi3v by L2 Linker
  • 19917 Views
  • 4 replies
  • 1 Likes

Allow traffic to specified FQDN enforce globalprotect for network access?

Has anyone tried using this? Wondering how it works, and if it is an "and" or an "or" if you specify IP's in the "allow traffic to specified IP's when enforce globaprotect for network access is enabled. I'm trying to get users out to something simple, like bing.com and finding that even without specifying an IP address, and only specifying...

Sec101 by L4 Transporter
  • 3867 Views
  • 1 replies
  • 0 Likes

Resolved! GP SAML Client Certificate

Hi, we are about to switch to SAML (from ldap). We use an on premise ADFS for this. The configuration fits so far except one thing. When i connect via SAML to our portal i get a popup to confirm the user certificate. The user certificate was issued by our internal enterprise ca. I think the certificate is not in the global protect browser-certif...

PhRose by L0 Member
  • 4110 Views
  • 2 replies
  • 0 Likes

Resolved! Internal gateway... how to share user information?

Hi, if i have a couple of internal gateways (A B C) deployed. When an user authenticated successfully to A, the firewall will get its user-id "xxxx@yyy.com"... how do i share this user-id info to gateway B and C, so that they will be able to map IP - user-ID info? Else the firewall policies i have will only works on A and not on B/C gateways. Th...

GlobalProtect could not connect - socket error 10047

Hi,I got two computers that have installed agent GP 5072 and are connected to the same home network. The first one with win10 has no issues in connecting. The second one mounts win7 and its connection always fails with error "Could not connect to the GlobalProtect gateway. Please contact your IT administrator." After digging in the PanGPS logs o...

MatteoD by L0 Member
  • 4929 Views
  • 1 replies
  • 0 Likes

GlobalProtect User REport

hi everyone ,i need help with small issue, is there any way to find list of users that never connect ?i can generate report for last login , but if the user never connect it will not show.when corona started we created users for all employes (local users not AD users)

o.othman by L0 Member
  • 2807 Views
  • 1 replies
  • 0 Likes

SAML with ADFS and GP

Hi EveryoneWe are currently using GP with LDAP as an authentication method. This works like charm.Now, we want to start using the AZURE MFA option that we have configured on our ADFS servers.I’ve managed to setup the SAML between the ADFS servers (2016) and the palo alto but I can’t seem to get the VPN working.I’ve followed this guide to setup t...

Prelogon PC not showing in Gateway Remote Users

I'm trying to set-up GlobalProtect PreLogon using this guide: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEYCA0 It only seems to be working if I logon to the PC and sign in with an account. If I logout the connection is maintained, and if I reboot connection is restored. The gateway remote users shows the named us...

Resolved! GlobalProtect - Renew Certs and Upgrade Clients for remote user in production

Current CA and Device Certs need to be renewed. GP client software updated. Can someone tell me how folks are doing this if they need an active GP VPN connection to deploy to the clients in the first place? We do not use Portal. - and Users cannot install software on devices Any suggestiosn? If I should make new CA/Device certs (certs are both c...

Resolved! Cert profile and SAML to Azure with GP Gateway Machine Cert Possible?

Is it possible to use a Certificate Profile to verify a machine on your GP Gateway, all while using SAML authentication to Azure? SAML to our Azure instance works great for us now, but does the firewall use the certificate profile only as a 'pre-logon' user, or initial challenge, and then still send the user to azure to complete SAML authentica...

Sec101 by L4 Transporter
  • 3838 Views
  • 1 replies
  • 0 Likes

GlobalProtect intrazone access

Is it possible to create a rule to allow certain intrazone traffic for GlobalProtect clients. E.g. so that client1 on GP can ping client2s GP interface. I tried creating a specific rule that would allow traffic from GlobalProtect security zone to GlobalProtect security zone but no luck. Is this type of functionality achievable with GlobalProtect?

Glass magnifier detail info needed for HIP Match, Log Detail

Hi, I am looking to see if there is a way to export or report the details info that glass magnifier provides when click on HIP Match, Log Detail in the glass magnifier column. The HIP Match columns do provide basic info such as: pc name, user name, domain, serial number, etc. I have tried different settings in the HIP Objects and Profiles but in...

  • 2062 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks