This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

New cert GP cert prompt for people testing Yubikeys for windows logon

Some of our IT team is beta testing Yubikeys for Windows Active Directory login. All the appropriate GPO's and CA templates have been created and just a small number of Yubikeys are setup for some IT people. While this works on the windows lock screen and a few other things we are testing like Entra Admin, etc... (plug in, type in pin, tap i...

ksauer507 by L3 Networker
  • 1233 Views
  • 2 replies
  • 0 Likes

Resolved! Geo blocking after GP login

My customer wants to give access based on user group and geo location.Once authenticated the source IP is from the GP-tunnel ip-pool.Can we still determine the source country once the tunnel is setup, or do we need to make that determination, after authentication and before completing the tunnel setup?

CHKlomp by L2 Linker
  • 2424 Views
  • 2 replies
  • 0 Likes

Strange Gateway change issue on network with Prisma Access GP Client

Having some strange behavior with GP client 6.3.3-711 that runs within the prisma access product. When user is on network, or in office, gp changes gateways at times and changes the timezone of the client computer. The client doesn't have issues off network like at coffee shop or home. Not sure what's going on. I am not using any internal host d...

User ID mapping works on DC but not/intermittent on branches for Intune internal users.

Hi All,We have a PA-1410 at DC (with GlobalProtect) and PA-440/410 at branches.Microsoft Intune enrolled devices users authenticate via SAML-Azure AD, non-Intune users via LDAP on-prem AD. User-ID is learned on the DC firewall and redistributed to branches using existing redistribution profiles.Working fine for:Non-Intune internal/external netwo...

Can you configure clientless VPN in SCM ?

I have the license installed and dynamic updates for clientless installed. We only have the Agent Licensing for GP and Prisma. We already have Global protect configured though SCM. But I cannot find anything about clientless vpn setup in SCM. I would have to overide my config directly on the firewall ?

E.Egger by L0 Member
  • 451 Views
  • 0 replies
  • 0 Likes

Embedded Browser agent does not work in GlobalProtect SAML Authentication

The customer is using PAN-OS 10.2.4-h2, and configuring GlobalProtect agent setting "Use the Default System Browser for SAML Authentication" to "No" does not disable the default system browser for GlobalProtect SAML authentication. The embedded browser in GlobalProtect does not work correctly and every time we try to logon though default syste...

GlobalProtect Cert+SAML

Hello, I'm reaching out to see if anyone has configured GlobalProtect with cert+SAML authentication with multiple gateways across multiple firewalls. I've been attempting to configure this, however, whenever I use cert+SAML at the gateway and I attempt to switch gateways after logging in, the logs always show "client cert not present". I h...

GlobalProtect Name Normalization issue

Hello, I have set up GlobalProtect using AZURE SSO for the sign in and for group mapping I am using LDAP. However, in the GPSVC logs, I see users being returned as domain\\username2 slashes. This is causing issues with users not being able to get a client config as I am putting users in specific subnets according to their AD membership.The usern...

Configuring GlobalProtect via Ansible

Hi,I'm working on creating an automated Ansible process through which I can configure GlobalProtect in PAN Firewall.The automaton process I try to create it based on the official Paloalto Repository containing ansible playbooks:GitHub - PaloAltoNetworks/ansible-playbooks: Sample playbooks for the Palo Alto Networks Ansible modules.Unfortunately,...

Resolved! Latest version of PANGP Virtual Ethernet Adapter

I am trying to troubleshoot a GlobalProtect intermittent disconnection issue. I noticed that the client is using V5.02 of GP. The PANGP Virtual Ethernet Adapter driver date is shown as 9th August 2010, and the version is 3.0.1.4. I work on the Helpdesk so the installation is done higher up the food chain. However, a date of 2010 for a driver...

shaun_p by L0 Member
  • 42164 Views
  • 3 replies
  • 0 Likes

Inquiry regarding the maximum number of HIP Objects (vs HIP Profiles)

Hi all, I have a question regarding the system limits for GlobalProtect HIP configurations. I am trying to find out the maximum number of HIP Objects configurable per device. I am currently using a VM-300, but I am also looking for information applicable to other hardware models (PA-Series). I tried running the following command to check the sys...

gp Always disconnect

I've been using GP recently and it keeps disconnecting and reconnecting.I'm sure my network is working properly.I checked the pas log:(P1336-T19828)Debug(2485): 01/22/26 21:59:49:665 Received a tunnel packet with fragment 0x8D(P1336-T4260)Debug(1047): 01/22/26 21:59:50:828 select() timeouts, retry(P1336-T4260)Debug(1047): 01/22/26 21:59:51:840 s...

Juns_Net by L1 Bithead
  • 5686 Views
  • 4 replies
  • 0 Likes

User Removed From LDAP Authentication Group Still Able to Connect to VPN

Hello everyone, I have a user who I removed form all VPN LDAP authentication groups about a week ago and they are still able to connect to the VPN. I was thinking it may have to do with the cookie re-auth but we have it set to expire after 24 hours. I am at a loss as to why they are still able to connect. I was hoping someone has had a simila...

cmaciel by L0 Member
  • 2968 Views
  • 1 replies
  • 0 Likes

Globalprotect Slow/Disconnecting randomly

Hi All, I am having issues with GP disconnecting randomly or slow performance issues, the laptops that it is installed on are Dell Latitude 5450's, over the vast majority there are no discernable issues (circa 2.5k users) however for random users there are these Performance issues and disconnecting when using certain apps (teams being one) reb...

  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks