Global Protect DNS Issue

Hi Team,

We are facing a weird issue with GP. Random users connecting to GP is being assigned with the Loopback IP(127.0.0.1) as DNS. They have to go to settings and then remove the loopback IP from the DNS only then it starts working. This is not fo

Comp certificate expired, how to allow users to log in

Hi,

Few of my users have not connected to GP (and to AD) for extended period of time and their computer certificate has expired.

They are remote, so coming to office would be problematic - continent-size problematic 

I was under impression, that w

DNS Query Blocking for Remote VPN Users

We have an environment that has a requirement where GP DNS Queries need to be blocked from Remote VPN users if those queries are destined to specific domains A and B (proxy servers). This requirement aims to achieve split-tunneling where a remote VPN

GlobalProtect and Cisco Umbrella Open DNS blocking DNS queries

Hi,

We have circa 500 GlobalProtect clients. Setup is Always-on, network enforcement, SAML auth. In one region we also have Cisco  Umbrella OpenDNS agents installed. This week we started seeing a problem localized to users in 1 country, France, whe

GlobalProtect client verison branches

Can anyone explain the different branch version for GlobalProtect? 

There are currently five different branches available for Win64 - 5.1, 6.0, 6.1, 6.2 and 6.3 - with two different 'preferred' versions (6.1.4, 6.2.3). 

The branches seem unrelated to o

GP - Pre-Login

Hi All,

I have a GP Portal with a few different agent configurations.  Depending on the user's AD group, they may have different settings.  Current setup for all agent configs is Always-On.  I want to enable pre-logon(always on) for a specific use

Global protect gateway

Bonjour,

Pour accéder aux ressources internes il faut configurer un portail sur global protect. Le portail nous permettra de nous connecter à la passerelle.

Pour monter un tunnel ipsec, il faut d'abord se connecter à une passerelle qui se trouve da

Testing 2FA with requiring device certificate and password

Hello All, 

We currently only require Password or certificate when using global protect. We already have device certificates deployed using PKI on our domain computers. 

My question is where do I apply this policy for testing? I notice under client a

GlobalProtect Client Log Dump Format

Hi,

I would like to parse and correlate multiple .log files from GP log dump.

Example log from PanGPS.log

Globalprotect Self Signed certificate with Chrome

Hi,

Starting from one or two month ago, maybe after a Chrome update, I'm unable to open the globalprotect login page on my firewall with Google Chrome.

It doesn't depends on the client OS, it happens wth Google Chrome (all other browser are working f

Global Protect 6.2.3 opening 2 Sign-in tabs for SAML

Hello all,

Curious to see if anyone else is running into this issue. Please note this is different then the 2 tabs that would open after completing authentication via SAML on the global protect client. I had ran into that issue before, but that was

Prelogon users connected to Userlogon Gateway

I'm working on a Global Protect Setup with the following. A single Portal that leads to 2 Gateways one for prelogon users and then the second for users that have signed into their machines. The tunnel renames itself when the user logs into their mach

PANGP virtual ethernet adapter disables

I noticed that the PANGP virtual ethernet adapter disables when Global Protect VPN is not running. Once I launch Global Connect VPN and complete the connection, PANGP virtual ethernet adapter becomes enabled. Is this normal?

I discovered this afte