This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

GlobalProtect User REport

hi everyone ,i need help with small issue, is there any way to find list of users that never connect ?i can generate report for last login , but if the user never connect it will not show.when corona started we created users for all employes (local users not AD users)

o.othman by L0 Member
  • 2834 Views
  • 1 replies
  • 0 Likes

SAML with ADFS and GP

Hi EveryoneWe are currently using GP with LDAP as an authentication method. This works like charm.Now, we want to start using the AZURE MFA option that we have configured on our ADFS servers.I’ve managed to setup the SAML between the ADFS servers (2016) and the palo alto but I can’t seem to get the VPN working.I’ve followed this guide to setup t...

Prelogon PC not showing in Gateway Remote Users

I'm trying to set-up GlobalProtect PreLogon using this guide: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEYCA0 It only seems to be working if I logon to the PC and sign in with an account. If I logout the connection is maintained, and if I reboot connection is restored. The gateway remote users shows the named us...

Resolved! GlobalProtect - Renew Certs and Upgrade Clients for remote user in production

Current CA and Device Certs need to be renewed. GP client software updated. Can someone tell me how folks are doing this if they need an active GP VPN connection to deploy to the clients in the first place? We do not use Portal. - and Users cannot install software on devices Any suggestiosn? If I should make new CA/Device certs (certs are both c...

Resolved! Cert profile and SAML to Azure with GP Gateway Machine Cert Possible?

Is it possible to use a Certificate Profile to verify a machine on your GP Gateway, all while using SAML authentication to Azure? SAML to our Azure instance works great for us now, but does the firewall use the certificate profile only as a 'pre-logon' user, or initial challenge, and then still send the user to azure to complete SAML authentica...

Sec101 by L4 Transporter
  • 3865 Views
  • 1 replies
  • 0 Likes

GlobalProtect intrazone access

Is it possible to create a rule to allow certain intrazone traffic for GlobalProtect clients. E.g. so that client1 on GP can ping client2s GP interface. I tried creating a specific rule that would allow traffic from GlobalProtect security zone to GlobalProtect security zone but no luck. Is this type of functionality achievable with GlobalProtect?

Glass magnifier detail info needed for HIP Match, Log Detail

Hi, I am looking to see if there is a way to export or report the details info that glass magnifier provides when click on HIP Match, Log Detail in the glass magnifier column. The HIP Match columns do provide basic info such as: pc name, user name, domain, serial number, etc. I have tried different settings in the HIP Objects and Profiles but in...

GP SSO SAML Azure AD - Microsoft SSO Login Page

Hi, Why sometime we see the Microsoft SSO Login page requesting password ? Most of the time, this is seemless and transparent to user, and we do not have to enter username/password which show me that SSO is working great. However, like I said, sometime, we got the Microsoft SSO Login page requesting password. I'm just wondering which cause the ...

Resolved! Global Protect Licensing issue

Hi, We use Global Protect to access certain portals. For our usage we did not require a license according PA Licensing Docs. However, to solve an issue, a couple of months ago someone installed a "free" License and that expired yesterday. We now have a problem where we cannot access portals through the VPN because we need to get the 5250 back to...

CliveG by L0 Member
  • 5035 Views
  • 2 replies
  • 0 Likes

Looking to mirror traffic from our global protect VPN to a mirror port

We are looking to send traffic to a mirror port similar to the decrypt and mirror functionality for our global protect VPN. We essentially would like to mirror all traffic coming and going to clients connected to our global protect VPN traffic to an external appliance, In order to be useful it needs to show the IP assigned to the client. We have...

Ravens1 by L0 Member
  • 3265 Views
  • 1 replies
  • 0 Likes

MicrosoftIntune deployed PaloAtlo VPN client not working using custom ports

Hi,we are using Android for Work deployed by Intune. We are also deploying PaloAlto VPN Client from Managed Google Play using Intune.With VPN client deployed from Managed Google Play we can connect to company network, but we cannot access application on custom port (2701). But with client installed from ordinary Google Play we can connect to com...

mario_01 by L0 Member
  • 2884 Views
  • 1 replies
  • 0 Likes

Resolved! After authenticating GP clientless VPN user connects straight to the app

Hi We have successfully set up GlobalProtect clientless VPN with RADIUS and Duo to provide initial logon authentication but once authenticated instead of being presented with the allowed app and then clicking on it the user is connected straight through to the app.I have unticked cookies under "Authentication Override" but this has not altered a...

GP - MFA notification message for desktop clients

I recently configured Cisco DUO with our GlobalProtect. When a user connects in on Windows/Mac there is no prompt from the client to go approve the MFA on their phone. It just hangs waiting. Can I have GP prompt the user letting them know that further action with MFA is required to proceed?

Resolved! Global Protect unable access certain vm behind firewall

Hello Folks. So we have configured GP in one VM-Series in a Cloud Community. We are experiencing unusual behavior. I do not know whether it was the GP configuration or it is in the VM. So sample VM 1 has an IP of 192.168.14.X and VM 2 has an IP of 192.168.14.X when connected in GP I can ping VM1 also the traceroute is complete but when trying t...

  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks