This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Can't change SSO on GlobalProtect

Hello We use GlobalProtect at our company for our own VPN access but we also need to access customer's VPN which also uses GlobalProtect. Out of 12 people, 2 are having the same issue. They don't receive the pop-up SSO screen to switch the account ID, it simply uses the company's ID and customer's VPN won't authorize it. We have done a clean uni...

Global protect installs but does it?

I have a new surface pro home edition with windows 11 and my company requires this vpn. I am including the logs below. The install process seems to go fine and using 64bit. the vpn icon will shopw in the system tray and the service shows running in task manager. The trouble is when setting up the vpn connection nothing happens when you click sel...

GlobalProtect signing in too quickly

I'm currently seeing an issue with GlobalProtect prompting for credentials if you sign into the account too quickly. My setup uses GlobalProtect in pre-logon always on VPN mode (kerberos) and the computer I'm using is Windows 11. If I sign into the computer before allowing the pre-logon tunnel to form, this appears to cause it prompt for credent...

bts-cc by L0 Member
  • 1589 Views
  • 2 replies
  • 0 Likes

What focal_rpm is?

Hello all, have a question - recent GP archive contains focal_rpm packages alongside with just rpms. Same is for deb. What is this "focal" version of GP and what is the difference? Thanks.

FIDO2 support for GlobalProtect client does work in Embedded browser

FIDO2 Security cards during Entra ID SAML authentication does not work. The option to select a hardware "security key" during the Entra ID login flow is not shown. Only the built-in/embeded GlobalProtect web browser exhibits this issue. We tried the workaround to use the default OS browser for authentication, but the integration is not very sm...

VDI and Global Protect (VMware Horizon)

I tried doing a lot of searching but could not find anything to help me out. I am trying to capture Global Protect as a virtual application so that it is not on my golden image (only a handful of people need it). I am able to install the software, but I keep getting an error that it cannot connect to the Global Protect service. The service (proc...

Sterks25 by L0 Member
  • 2037 Views
  • 0 replies
  • 0 Likes

GP APP is in the Connecting... state and I can't do anything.

The mobile GP APP was distributed, and user authentication was configured with Entra-ID SAML. At this time, if the account is entered incorrectly or terminated during browser authentication in the mobile GP APP, the GP APP is in the connecting state, and I cannot do anything. After testing several times, I found that on Android, when I resta...

image.png
Leekw24 by L0 Member
  • 744 Views
  • 0 replies
  • 0 Likes

SAML Authentication into GlobalProtect

We started using SAML to authentication into GlobalProtect connected back through Entra. The problem is the user will be prompted to put in their windows credentials the first time they login, but say they disconnect and go to log back in to VPN it bypasses the step where they have to put in the credentials entirely and logs them in. How do we m...

A.Goble by L0 Member
  • 1027 Views
  • 1 replies
  • 0 Likes

This server does not support Forward Secrecy with the reference browsers. Grade capped to B.

Hi Champions, I have evaluated the IP address to the GlobalProtect gateway on the Palo Alto firewall via Qualys SSL Labs and got the following results. Object > Decryption > Decryption Profile is I am trying to find out how to fix this issue of "This server does not support Forward Secrecy with the reference browsers. Grade capp...

Oliver_Dalugodage_0-1724221684555.png
Oliver_Dalugodage_1-1724222240030.png

Custom vulnerability object trigger

Trying to use a custom vulnerability object to raise a threat alert when a user directly enters a request for access to an IPv4 address . eg http://12.34.56.78 . Ive created a object , with a pattern of (.*((?:\d{1,3}\.){3}\d{1,3})) and applied it to a vulnerability profile that is applied to a bunch of rules . I can see the rules triggered ...

Setting Up SSO In GlobalProtect Clientless VPN Portal App

Hello.I have a GP portal setup and working with a published app for VMware Horizon. Authentication to the portal is setup with Duo MFA and works as designed. The issue is that I would like to reduce the amount of authentications after the user logs in to the portal. When a user clicks on the the Horizon client HTML5 link, it opens the app page a...

Jesse_K by L0 Member
  • 14097 Views
  • 10 replies
  • 2 Likes

global protect agent not connecting after windows imaging with new updates.

Hi Team, We are facing issue with our global protect agent not connecting after windows imaging with new updates. We were suspecting windows KB5018410 to broke this, but this is not installed. The error we are seeing in logs is "client certficate not found". However, correct certficate chain is already present in the machines. It only works when...

Jagdeep1 by L2 Linker
  • 1287 Views
  • 1 replies
  • 0 Likes

Clientless VPN Decrypt error - 10.2.9-h1

HI Team We are facing an issue where Clientless Portal does not show the login page. Traffic reaches the external firewall we see the connection being allowed but it eventually gets denied with a "DENY - decrypt error". We are using the Go Daddy cert and have ensured the cert chain is complete. The strange part is it works when we use GP C...

  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks