GlobalProtect SAML Login Loop

Hi All,

I am using CIE and EntraID with SAML to allow logins to GP. This is working very well but I am having an issue. I had a user whose name changed. When logging into GP, it just continuously asks her to log in. Inside of the GP Portal, I get the

HIP check Patch Management

Hello, I am trying to setup a HIP Profile for contractors accessing our network over Global Protect.
This HIP Profile is checking if version of Windows is supported(allowing only 8.1 and 10), then checking if Anti-Malware and Firewall is enabled and a

HIP Global Protect

I want to create a security policy containing a HIP profile as follows: if the connecting machine has ALL category 3 updates installed, certain traffic will be released. I'm very confused about creating this in HIP object, as it is about MISSING PATC

Device cannot access network resources or SSO

My company uses GlobalProtect and we access our net drives through the VPN and access our website using SSO. For some reason, a user cannot access them or log in to our portal when off-prem. Everything works perfectly fine when on-prem, of course, bu

Clientless/GP portal does not load in browser on 10.2.9-h1

We are facing an issue where the Clientless/GP Portal does not show the login page on the browser.

When traffic reaches the external firewall, we see the connection being allowed. We are using the Go Daddy cert and have ensured the cert chain is comp

MFA and Global Protect

What is the best practice when it comes to MFA for Prisma/Global protect authentication?

We are using Azure SAML and leveraging conditional access policies for MFA.

GlobalProtect support for macOS 15 (Sequoia)?

When will a version of GlobalProtect that supports macOS Sequoia be released?

David

Post-upgrade to 6.0.7-372, the GP Agent , portal login displaying unusual.

Hi team,

After upgrading to GP agent 6.0.7, we've noticed an unusual change in its appearance, but it is still operating correctly.

Please advise on the solution, or should I fully remove it and test again?

regards,

Akash Thangavel

Network Sec

Could not verify the server certificate of the gateway. If the issue persists, contact your administrator

Hello,

I've a case where some users can not connect to our GP gateway. Connection through the portal seems fine but then the client won't connect to the gateway.

We manually reimported the self signed root certificate into the cert store of the c

GlobalProtect not connecting due to Duo Security software but only with GlobalProtect

GlobalProtect not connecting due to Duo Security software not pulling up but only with GlobalProtect. Duo Security working normal on same machine with MS Outlook software.  Was working prior, adjusted security settings -  now not working, no adjustme

Costa Rica Global Protect users are automatically falling back to the Hong Kong gateway

Hello Team,

We can see the user through STRATA logging services logs that user in Costa Rica regions are automatically connected to the Hong Kong gateway.

Also, we got escalation from client that they have seen Hong Kong users are accessing the URL

Pre-Logon Machine Certificate

Hello All,

My issue is regarding the Machine Certificate selection in the Global Protect Agent.

Background information:

• We are using our own internal PKI (Active Directory). Our CA root has been imported and other systems are known to be working fi

Gateway Unresponsive or unreachable.

Unable to connect to one of our global protect gateways. Debug log of PanGPS attached with its attempt to connect to the gateway. I have checked all the gateway settings, and they match the working gateway, so I am at a loss on what to look for. The

split tunnel

Hi Team,

We are using global protectect and using split tunnel where all LAN traffic gose through global protect and internet traffic through their own ISP

Is it possible to route specific traffic, such as access to https://ab.xyz.com/something/#, th