This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

GP Settings

I would like to limit the number of VPN sessions as 1 a user can connect to. For example, if I have already connected VPN from laptop A and attempt to connect VPN from laptop B, I want to block connection or terminate existing connection. Is it possible to do this? Regards, Sanjay S

Understanding pre-logon logs

I'm trying to understand the global protect logs I am seeing. I see bad actors from various countries trying to brute force username/passwords. I always see 2 logs per attempt. 1 Portal-auth Login Failure, and 1 portal-prelogin before-login success. Prelogin should be setup to require a cert so I'm not sure why it's saying portal-prelogi...

Verac22_0-1726172808735.png
Verac22 by L2 Linker
  • 1211 Views
  • 0 replies
  • 0 Likes

Resolved! GlobalProtect On-Demand using authentication profile and user certificate from PKI on gateway

I'm trying to setup a GlobalProtect On-Demand environment.The portal uses an LDAP server profile for authentication and has been validated to be working fine.I intend to configure the gateway to use a combination of RADIUS and certificate profile to authenticate. I've confirmed that authentication works without the certificate profile.My underst...

DelvinC by L2 Linker
  • 7227 Views
  • 6 replies
  • 0 Likes

Verifying Pre-Logon or User Logged into GP Remotely.

We have some Windows machines on GP that connect via a pre-logon tunnel which then fully connects when the user logs in. We would like to target machines for a specific package installation push only when the VPN is fully connected (i.e. not connected via pre-logon, but an actual authenticated user). My question is, are there any checks that c...

Global Protect not working with MacOS Sonoma

Hello folks, i have a massive issue with GLobalProtect since the MacOS Sonoma Upgrade. It does not connect to the VPN Service. It tries to connect for a minute or so, but than it just says it can not. I don't even get to the part to insert a user or password. I checked to official website, and the client my company is using is 6.0.7-372, ...

Raphael_0-1701168080764.png
Raphael by L0 Member
  • 19350 Views
  • 7 replies
  • 1 Likes

Global Protect Captive Portal allowing defender to see other devices on network

Hi, Our security team is seeing Windows defender able to probe guest wifi at hotels and see other devices like phones and laptops on the network, until Global Protect can finally connects to one of our gateways. They want the network restricted to just the captive portal for the hotel until connected to a gateway. Anyone know what can be restr...

Resolved! Prisma Access Security policy enforcement

So I was looking at prisma access content and came across this: If traffic is initiated from a service connection and bound for a mobile user or a remote network, Prisma Access cannot restrict the traffic. The traffic hits no security-enforcement point, because the RN-SPN and MU-SPNs enforce Security policy only on sessions ingressing into Prism...

global protect whoami

Hello, I am seeing a weird activity from globalprotect agents where the agent is trying to execute wa3_3rd_party_host.32.exe and the agent after that is executing whoami command. PS: the HIP policy is disabled on the firewall

BARaha by L0 Member
  • 1204 Views
  • 1 replies
  • 0 Likes

Resolved! Does Global Protect RADIUS support Message Authentication? (to mitigate BlastRADIUS 9/10 CVSS vulnerability )

Does the Global Protect RADIUS implementation support Messaging Authentication? If not, how quickly will a hotfix to patch this vulnerable implementation of RADIUS be released? Background info: When configuring Global Protect we used RADIUS to integrate RSA Secure ID as a second factor to LDAP, to ensure it took more than just a password to ...

mmason by L1 Bithead
  • 7204 Views
  • 6 replies
  • 0 Likes

Consuming user group in GlobalProtect SAML Authentication

A bit of background: We are an all-Google G Suite company. We do not have internal LDAP servers. Everyone auths to Google. We are using PA 3060s as our firewalls and VPN systems. We are getting ready to turn on SAML authentication for GlobalProtect. We are using Google as our IdP. I've gotten it working, but I want to make policy decisions based...

Intune with IOS and Global Protect, utilizing certificate-based authentication troubles.

We have been trying to migrate a client from Airwatch to Intune for MDM management. Part of this deployment was implementing certificate-based authentication for their Global Protect VPN client. We have been successful with Windows, and Android. However, we have not been able to get MacOS, iPadOs, or IOS to work successfully. all the Error logs...

Global protect: separate vendors and employees

Setup: We have one GP portal and one gateway currently, used by employees and vendors. All GP users are authenticated with Entra and Duo MFA. We are using a public cert. for the FQDN and a single IP in the current setup. Vendors are assigned to a different subnet than employees when connecting to GP. Change: We want to use the Entra authentica...

ChuckW by L1 Bithead
  • 1522 Views
  • 2 replies
  • 0 Likes
  • 2079 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks