PAN OS 9.1.17 Global Protect Issues

I upgraded from PAN OS 9.1.14 to 9.1.17 on Dec 27, 2023

Ever since the upgrade, I have random users that cannot connect through VPN GP at the first time. Some users experience connect disconnect issues as well. Some users are working just fine.

W

GP VPN fail on iphone ios

Hi,

I face with issue GP VPN fail to login on iphone ios 15.8. The error show Portal login, error = The certificate for this server is invalid. You might be connecting to a server that is pretending to be “119.x.x.x” which could put your confidenti

Customer Support

very disappointed with Palo Alto services , customer service doesn't pickup the call and they doesn't care about the customer case. day by day services are going worst .

Global Protect firewall allowed rule

Hi,

I'm creating a firewall rule to allow TCP 443/UDP 4501 (Global Protect) to go through the firewall, and I want to know if I need to allow bidirectional for the UDP 4501?

Thank you,

Device Block List for GlobalProtect - where is it in v10.x?

Both this: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/host-information/block-device-access

and HELP indicate an DEVICE BLOCK LIST available for GlobalProtect.  When in the FW GUI I should see it in the GlobalProtect menu.

GlobalProtect 6.1.0 for Linux Fedora 39

hi all,

Our EU is currently on GlobalProtect 6.1.0 on PA-5250 firewall, we just wondered if this GP 6.1 support Linux Fedora 39? I tried to find any legit resources that would mention this but couldnt find anything helpful. Would like to share the

How to validate user/endpoint is fetching which profile from GP Portal Agent configuration.

Hello Team, 

I have configured multiple agent profiles in the GP Portal and I want to verify which agent profile is currently being fetched by individual user, How do i verify that from the firewall or endpoint?

Context: I have profile 1 which has

GlobalProtect 6.2.2 connects automatically despite on-demand is enabled

Hello everyone,

After upgrading GlobalProtect from 5.x to 6.2.2 users started to complain that GP is connecting automatically after logging in to OS. Agent App configuration hasn't been changed and still is On-demand.

There is addressed issue in GP

HIP Checks failing GP failing GP users called in ACL's when source device is Apple

Hi All,

So I have Global Protect running with the HIP license.  Our current conditions for HIP connectivity are; 1. Must be Windows 10 or 11, must have Crowdstrike installed and running, must have Zscaler Client Connector installed and running.  I

Please share link to Download and Install the GlobalProtect App for Linux CLI version

Hello Team,

Please share link to Download and Install the Global Protect App for Linux CLI version

Requesting to share the link at the earliest

Thanks & Regards / ramu

Domain Split tunnel 'under the hood'

hey, 

can someone please explain how this feature work from the stage of open the browser and surf to www.google.com until the GP client decide it should enter the tunnel?

for example

1. GP listen on the nic for dns queries

2. GP check with the s

Global Protect on macOS Sonoma 14.2 (betas and now release)

I generally try to run macOS beta version to jump ahead of any issues.  I've been running macOS Sonoma 14.2 beta (2 and 4, specifically).  In my testing, the Global Protect VPN client successfully connects (we're using certificates on in this case) b

global protect ipv6 support

hi everyone,

I have GP configured for ipv4, it works (I also have both ipv4 and ipv6 addresses delivered via dynamic assignments from the isp for the internet link)

in the configuration if GP I use "none" under the IP assignments for ipv4 as I gues

SAML Authentication - Users not prompted for password or MFA

Hi all,

We've setup SAML / SSO and all works OK , however, when GlobalProtect starts, it automatically connects without asking for any creds. I'm assuming this is a result of the machine being joined to the same domain so the password is not needed.

GlobalProtect Logon Banner with Accept button

I'm trying to figure out if therre's a way to configure GlobalProtect to prompt the end users to accept a logon banner message when they've entered their credentials successfully in the GlobalProtect app. Cisco Anyconnect can accomplish this in the g