LDAP integration with Paloalto

Hello Team,

We have global protect configured on prisma that is managed by Panorama. currently our global protect users authenticate by SAML.

Now, our requirement is we want LDAP integration so our global protect users can authenticate by LDAP fo

Down a Global Protect Gateway

I was presented with a interesting question.  If the inside interface of a Firewall hosting an external GlobalProtect Gateway is down, will the Palo allow users to still connect to that Gateway

My testing has indicated, yes users will connect but be d

GlobalProtect UI rendering on Ubuntu

I'm giving the 6.2 client a spin on Ubuntu 22.04 and when using scaled screen resolution (fractional or otherwise) The UI becomes garbled.

This is also the case for the new popup when deploying client certificates and the user is prompted for a passwo

Ubuntu 24.04 Frequent Network Restarts After Connecting to VPN with GlobalProtect 6.1

After installing GlobalProtect version 6.1.4 and connecting to the VPN, my device's network frequently restarts. This issue occurs every second, causing the network to start and stop continuously.

Details:

• GlobalProtect Version: 6.1.4
• Device: HP Lapto

Best Practices for Global Protect Machine and User Cert Authentication

GlobalProtect 6.2.1 Ubuntu DNS issues

Having the strangest issue on Ubuntu 24.04.1 with GP 6.2.1

Connection works about 75% of the time. Regularly I'm getting an issue where DNS fails to resolve over the VPN tunnel.

I've confirmed with wireshark that the DNS requests are being forwarded

Exclude Device from HIP check

Hello,

I have setup a HIP object\profile that does not allow a computer to connect if it does not belong to our domain and it is working as it should.

My question is if there is a way to exclude a device from this HIP check and it would be allowed to c

GP HIP check GP software version

Is there a way to perform check / enforce endpoint to have a specific version of GP rules ? 

Internal host Detection and cookie authentication override on portal/gateway

Hello,

I configured prisma access with GP Portal + External gateway and pre-logon always-on with Enforced Global protect Connection for Network Access, and also enable Internal host detection and cookie authentication override on both portal/gatewa

Alert for when Client VPN IPs are exhausted

Is there a way to setup an alert for when clients exhausted the Client IP pool or are close?

Device Block List for GlobalProtect - where is it in v10.x?

Both this: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/host-information/block-device-access

and HELP indicate an DEVICE BLOCK LIST available for GlobalProtect.  When in the FW GUI I should see it in the GlobalProtect menu.

GlobalProtect Group Mapping for Azure SAML

Hi All,

I have configured Azure with Global protect enterprise application for SAML and configured the Group claim attribute as "group -> user.group" which as 3 usergroups Sales, IT , and Developers.

And in the Palo alto firewall (10.2.8), SAML

global protect ipv6 support

hi everyone,

I have GP configured for ipv4, it works (I also have both ipv4 and ipv6 addresses delivered via dynamic assignments from the isp for the internet link)

in the configuration if GP I use "none" under the IP assignments for ipv4 as I gues