can anyone help me why athentication failed. Im using Duo v2 with PA ssl vpn here is the video i've followed https://www.youtube.com/watch?v=5kTOOHVE_-o
We started using SAML to authentication into GlobalProtect connected back through Entra. The problem is the user will be prompted to put in their windows credentials the first time they login, but say they disconnect and go to log back in to VPN it bypasses the step where they have to put in the credentials entirely and logs them in. How do we m...
Hi Champions, I have evaluated the IP address to the GlobalProtect gateway on the Palo Alto firewall via Qualys SSL Labs and got the following results. Object > Decryption > Decryption Profile is I am trying to find out how to fix this issue of "This server does not support Forward Secrecy with the reference browsers. Grade capp...
Trying to use a custom vulnerability object to raise a threat alert when a user directly enters a request for access to an IPv4 address . eg http://12.34.56.78 . Ive created a object , with a pattern of (.*((?:\d{1,3}\.){3}\d{1,3})) and applied it to a vulnerability profile that is applied to a bunch of rules . I can see the rules triggered ...
How do I Block MUs that have a back level version of the Global Protect client - in this case 6.2.2(windows and Mac) but not effect the Linux users
Hello.I have a GP portal setup and working with a published app for VMware Horizon. Authentication to the portal is setup with Duo MFA and works as designed. The issue is that I would like to reduce the amount of authentications after the user logs in to the portal. When a user clicks on the the Horizon client HTML5 link, it opens the app page a...
Hi Team, We are facing issue with our global protect agent not connecting after windows imaging with new updates. We were suspecting windows KB5018410 to broke this, but this is not installed. The error we are seeing in logs is "client certficate not found". However, correct certficate chain is already present in the machines. It only works when...
HI Team We are facing an issue where Clientless Portal does not show the login page. Traffic reaches the external firewall we see the connection being allowed but it eventually gets denied with a "DENY - decrypt error". We are using the Go Daddy cert and have ensured the cert chain is complete. The strange part is it works when we use GP C...
Hello, I have configured Global Protect with Portal + External gateway and pre-logon always-on with Enforced Global protect Connection for Network Access. I have enabled Internal Host Detection IPv4. So far this is working great and Global Protect detects if it is in an Internal Network and if it is not it automatically prompts you for authenti...
Hi Everyone, We have a working GP setup and our users connect to the VPN without issues. However, when trying to access the firewall via its management IP while connected to the GP, we cannot reach the firewall. Other network resources specified in the access routes are reachable. Here are the troubleshooting steps I conducted: 1. Ping, SSH,...
I have GP set up for Windows, and it works. When I use a Mac to go to the portal, it says it has moved or does not exist anymore. I have not made changes, not sure what has happened or where to go to make sure MAC will work.
I am trying to disconnect a global protect user on our gateway via the API. I have tested using the API browser and via a CURL command, but no matter what syntax or variation of the username I use, I get the message Remote-VPN-Gateway-N joe.bloggs Invalid user name. Below is the syntax I am using with the XML API based on the documentation. Am I...
Hi All, A client has run into a strange intermittent issue with GP clients not connecting correctly on a new build of a Windows 10 laptop. The issue also randomly happens on some existing domain machines. Basically, the GP client doesn't connect the first time when logging in with a domain account and a registry key needs to edited and / or the...
I am setting up a lspvpn solution to replace a current site to site configuration between our main site and 30 home firewalls. Currently I have Portal A sending traffic to Gateway A and Gateway B. I want to setup a redundant portal so Portal B sends traffic to Gateway A and GatewayB as well. Is this possible? I can get the portal connection ...
All client post 6.2.2 has this annoying popup - simply suggesting "Login Successful" ; Are there ways possible to suppress this non-sensical "Successful login" pop-up. It never used to be on 6.2.2 client. Thanks in advance,
BPry
on:
Rollout Strategy: GlobalProtect Disconnect Comments + 12-Hour Auto-Reconnect
