Hi Team, If we have installed GP with No split tunnel and the Zscaler Client connector with tunnel2.0 which one will take precedence. GlobalProtect
My company uses GlobalProtect VPN and I have a problem that needs help connecting Globalprotect on MacOS.On the company device, it requires a GlobalProtect VPN connection to access company systems, allowed applications. But on MacOS, every time the employee takes the device out of the office and uses a wifi network other than internal wifi, all ...
Hi,Login Successful After Scan Attempt I have a question regarding when user connecting VPN --which means session denied for multiple DC servers--Via global protect VPN. SourceZone:GP-cType -TRAFFICDenied Port-389 which means LDAP.Session End Reason-policy-deny@everyoneonce the user connected VPN with successful authentication Why scanning happe...
Hello, We use Global Protect to connect our employees via VPN to our site. We think we have configured it that way, that the complete traffic is tunneled to our site after establishing the Global Portect connection. Now we see that unencrypted DNS traffic is visible outside the tunnel. The target adress of that DNS traffic is the IP of our G...
Over the past couple of weeks we have been getting more and more support tickets stating that our users can't connect to GlobalProtect VPN. The one common thread they have is they all have T-Mobile Home Internet. Has anyone else noticed this? Is there a fix or workaround? Thank you.
Hi All, I am using CIE and EntraID with SAML to allow logins to GP. This is working very well but I am having an issue. I had a user whose name changed. When logging into GP, it just continuously asks her to log in. Inside of the GP Portal, I get the error 'username from cas sso response is different from the input' and can see where it is tryin...
Hello, I am trying to setup a HIP Profile for contractors accessing our network over Global Protect.This HIP Profile is checking if version of Windows is supported(allowing only 8.1 and 10), then checking if Anti-Malware and Firewall is enabled and as a last check I want to check if Windows patches are up to date.Checks for OS, Anti-Malware and ...
I want to create a security policy containing a HIP profile as follows: if the connecting machine has ALL category 3 updates installed, certain traffic will be released. I'm very confused about creating this in HIP object, as it is about MISSING PATCHES.
My company uses GlobalProtect and we access our net drives through the VPN and access our website using SSO. For some reason, a user cannot access them or log in to our portal when off-prem. Everything works perfectly fine when on-prem, of course, but we've tried everything we can think of. User's device is a Latitude 7420.No rules on home netwo...
We are facing an issue where the Clientless/GP Portal does not show the login page on the browser. When traffic reaches the external firewall, we see the connection being allowed. We are using the Go Daddy cert and have ensured the cert chain is complete on the firewall. The strange part is it works if we use GP Client we can connect to GP Porta...
Hey Palo Alto, EXPLAIN WHY... "Your device doesn't meet security requirements." Then possibly there's something I can do. OR LET ME TURN OFF seeing this EVERY TIME I LOGON TO VPN. PALO ALTO controls this security check, OR my company does... EITHER WAY... the software works... ...just LET ME TURN OFF THE POPUP!
What is the best practice when it comes to MFA for Prisma/Global protect authentication? We are using Azure SAML and leveraging conditional access policies for MFA.
When will a version of GlobalProtect that supports macOS Sequoia be released? David
Hi team, After upgrading to GP agent 6.0.7, we've noticed an unusual change in its appearance, but it is still operating correctly. Please advise on the solution, or should I fully remove it and test again? regards, Akash Thangavel Network Security Engineer
Hello, I've a case where some users can not connect to our GP gateway. Connection through the portal seems fine but then the client won't connect to the gateway. We manually reimported the self signed root certificate into the cert store of the client. Also, this issue only happens to users using a specific ISP. All other users using another...
BPry
on:
Rollout Strategy: GlobalProtect Disconnect Comments + 12-Hour Auto-Reconnect
