This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Resolved! Palo Alto Global Protect clients failing to connect intermittently

We have Global Protect installed on all of our corporate laptops and our users fall into one of two scenarios:1. They are a remote user; cannot reach the host we have defined for Internal Host Detection and are required to authenticate to the Gateway with DUO.2. They are an "on-site" and can reach the host we set for Internal Host Detection and ...

Assign private IP address failed

We buy GlobalProtect VPN as a service from a third party, for 1000+ users, and though the service worked well for some months our users have been plagued by login issues since the Christmas/New Year break - something changed, but we don't know what. The issue is that login fails with "Assign Private IP address failed". It's difficult to estimate...

Disconnect Internally but not remotely

We have some users who need to connect to part of our network that isn't routable which means GP cannot connect when they are plugged into it. In order for them to do their work, they need to be able to disconnect from GP. I am wondering if there is a setup where if the user is on the internal network and connected to an internal gateway, th...

Resolved! Pre-Populate Multipule Portal Addresses

I would like to know if there is a way to setup the .msi file to pre-populate the portal ip addresses for my users.I found this kb article on how to set it up (How to predefine Global Protect portal address using Microsoft ... - Knowledge Base - Palo Alto Networks), but I have multipule portals I need to add. This only has instructions for a si...

M.Maus by L1 Bithead
  • 2851 Views
  • 2 replies
  • 0 Likes

global protect connection failed authentication failed !!!

Hi All, We are currently experiencing the following error when attempting to log into Global Protect ( screenshot attached ). Curiously this is happening after getting prompted via Duo . We are using SAML Identity provider for authentication via DUO . All was working fine until yesterday . The last relevant Global Protect logs make reference...

HThiam_0-1770847291006.png
H.Thiam by L2 Linker
  • 1666 Views
  • 3 replies
  • 0 Likes

New cert GP cert prompt for people testing Yubikeys for windows logon

Some of our IT team is beta testing Yubikeys for Windows Active Directory login. All the appropriate GPO's and CA templates have been created and just a small number of Yubikeys are setup for some IT people. While this works on the windows lock screen and a few other things we are testing like Entra Admin, etc... (plug in, type in pin, tap i...

ksauer507 by L3 Networker
  • 1320 Views
  • 2 replies
  • 0 Likes

Resolved! Geo blocking after GP login

My customer wants to give access based on user group and geo location.Once authenticated the source IP is from the GP-tunnel ip-pool.Can we still determine the source country once the tunnel is setup, or do we need to make that determination, after authentication and before completing the tunnel setup?

CHKlomp by L2 Linker
  • 2534 Views
  • 2 replies
  • 0 Likes

Strange Gateway change issue on network with Prisma Access GP Client

Having some strange behavior with GP client 6.3.3-711 that runs within the prisma access product. When user is on network, or in office, gp changes gateways at times and changes the timezone of the client computer. The client doesn't have issues off network like at coffee shop or home. Not sure what's going on. I am not using any internal host d...

User ID mapping works on DC but not/intermittent on branches for Intune internal users.

Hi All,We have a PA-1410 at DC (with GlobalProtect) and PA-440/410 at branches.Microsoft Intune enrolled devices users authenticate via SAML-Azure AD, non-Intune users via LDAP on-prem AD. User-ID is learned on the DC firewall and redistributed to branches using existing redistribution profiles.Working fine for:Non-Intune internal/external netwo...

Can you configure clientless VPN in SCM ?

I have the license installed and dynamic updates for clientless installed. We only have the Agent Licensing for GP and Prisma. We already have Global protect configured though SCM. But I cannot find anything about clientless vpn setup in SCM. I would have to overide my config directly on the firewall ?

E.Egger by L0 Member
  • 491 Views
  • 0 replies
  • 0 Likes

Embedded Browser agent does not work in GlobalProtect SAML Authentication

The customer is using PAN-OS 10.2.4-h2, and configuring GlobalProtect agent setting "Use the Default System Browser for SAML Authentication" to "No" does not disable the default system browser for GlobalProtect SAML authentication. The embedded browser in GlobalProtect does not work correctly and every time we try to logon though default syste...

GlobalProtect Cert+SAML

Hello, I'm reaching out to see if anyone has configured GlobalProtect with cert+SAML authentication with multiple gateways across multiple firewalls. I've been attempting to configure this, however, whenever I use cert+SAML at the gateway and I attempt to switch gateways after logging in, the logs always show "client cert not present". I h...

GlobalProtect Name Normalization issue

Hello, I have set up GlobalProtect using AZURE SSO for the sign in and for group mapping I am using LDAP. However, in the GPSVC logs, I see users being returned as domain\\username2 slashes. This is causing issues with users not being able to get a client config as I am putting users in specific subnets according to their AD membership.The usern...

Configuring GlobalProtect via Ansible

Hi,I'm working on creating an automated Ansible process through which I can configure GlobalProtect in PAN Firewall.The automaton process I try to create it based on the official Paloalto Repository containing ansible playbooks:GitHub - PaloAltoNetworks/ansible-playbooks: Sample playbooks for the Palo Alto Networks Ansible modules.Unfortunately,...

Resolved! Latest version of PANGP Virtual Ethernet Adapter

I am trying to troubleshoot a GlobalProtect intermittent disconnection issue. I noticed that the client is using V5.02 of GP. The PANGP Virtual Ethernet Adapter driver date is shown as 9th August 2010, and the version is 3.0.1.4. I work on the Helpdesk so the installation is done higher up the food chain. However, a date of 2010 for a driver...

shaun_p by L0 Member
  • 42347 Views
  • 3 replies
  • 0 Likes
  • 2073 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks