TunnelVision Vulnerability on Prisma Access via GlobalProtect Agent?

https://security.paloaltonetworks.com/CVE-2024-3661

The advisory states Prisma Access is unaffected by the TunnelVision vulnerability. However, to use Prisma Access, it must be done through the GlobalProtect agent itself.

I looked at my GlobalPro

Deploying GlobalProtect to iOS devices via (Airwatch, Meraki, MDM)

Hi,

We're looking at deploying GlobalProtect to 1000+ iOS devices and wondered if there was anyone out there that could share their experiences and provide some insights.

Using our MDM tool (Meraki and Airwatch), I'd like to push out the GlobalPr

Clientless VPN only shows the top application in the stack

We're trying to setup Clientless VPN for the first time and we've run into an issue where the portal site only shows the top application in the config stack.

GlobalProtect > Portals > Clientless VPN > Applications.

They all seem to work when you

Client cert usage check failed

I am testing client auth using certificates and the certificate is not being retrieved from the User store. It's Windows 11. The PanGPA.log file shows this error:

(P23516-T9764)Debug(2744): 06/08/24 11:07:10:562 box return Valid client certificate

Global Protect on MacOS (TYPE65 dns queries)

While troubleshooting a failing GlobalProtect update on my own machine, I checked the DNS requests made by the Global Protect updater. And noticed that it's not making type A requests, but instead uses TYPE65 (aka HTTPS ordraft spec RFC 9460) request

Globalprotect vpn unable to connect on ios device

Hi Team 

I am facing issue Globalprotect vpn unable to connect on ios device  . getting certificate invalid error .

We deployed MS Autopilot, is it possible to do join AD domain network remotely via GlobalProtect?

We enabled "Connect Before Logon" but cannot sign in Windows, any idea, please?

Global Protect Authentication Loop with Azure unable to connect but authenticate completes.

Hello Everyone, 

Has anyone else been facing issues connecting via GP VPN lately?

When we try to connect via the agent. It prompts to authenticate via edge. Once that is complete and 2fa is verified on the webpage it states authentication complet

After Endpoint Traffic Policy Enforcement, client can not be access microsoft login portal for smal auth.

Hello Everyone,

I build a gp authenticaiton for azure ad saml auth in prisma access, and it works normally.

After enable "Endpoint Traffic Policy Enforcement", and missing add lists of enforcer exception list, and then finished push jobs,  client

GlobalProtect doesn't upgrade transparently.

In Prisma Access Mobile User, the user GP version was distributed as 6.2.0. However, due to an issue, I needed to upgrade to 6.2.3, so I set upgrade globalprotect to allow transparently in the app settings. However, there was no change for 6.2.0 user

GlobalProtect Pre-Logon Prompting for User Certificate

We have GlobalProtect Pre-Logon working with machine certificates however once the user logs into their laptop they are also prompted with thier User Certificate each time. There internal CA does issue machine and user certificates. Is there a way to

Vulnerability Protection for CVE-2024-3400

TL;DR: ensure you are applying Vulnerability Protection to web-browsing traffic hitting your GP portal interface, if you rely on the intrazone-default allow

I was responding to another case of this flu. Even though the best-practice strict VP profi