This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Default-browser setting overwritten

Our company uses GlobalProtect and I have this working on Linux. They recently made a change to the settings so that the <default-browser>yes</default-browser> has been removed from pangps.xml. This has caused some upset as the built-in browser appears to have some issues with our 2-factor authentication. I assumed that I could th...

Resolved! Portal and Gateway PanOS versions

As our PA220s which are running our GP Portals are unable to be updated beyond 10.2, but our GP Gateways will need to be updated at some point, I was wanting to ask if there are any issues with the 2 functions being on differing PanOS versions? And if the answer is sort of, is there a limit to the difference that is acceptable?

Global Protect DNS Issue

Hi Team, We are facing a weird issue with GP. Random users connecting to GP is being assigned with the Loopback IP(127.0.0.1) as DNS. They have to go to settings and then remove the loopback IP from the DNS only then it starts working. This is not for all users. Random users are facing this issue. Anyone faced this kind of issue? or any input on...

Comp certificate expired, how to allow users to log in

Hi, Few of my users have not connected to GP (and to AD) for extended period of time and their computer certificate has expired. They are remote, so coming to office would be problematic - continent-size problematic 🙂 I was under impression, that when i change Authentication profile from "Require username AND device cert" to "Require username...

R.Tryba by L1 Bithead
  • 3963 Views
  • 5 replies
  • 0 Likes

DNS Query Blocking for Remote VPN Users

We have an environment that has a requirement where GP DNS Queries need to be blocked from Remote VPN users if those queries are destined to specific domains A and B (proxy servers). This requirement aims to achieve split-tunneling where a remote VPN user would reach the cloud server of these domains but using the host physical interface when re...

User868 by L1 Bithead
  • 764 Views
  • 0 replies
  • 0 Likes

GlobalProtect and Cisco Umbrella Open DNS blocking DNS queries

Hi, We have circa 500 GlobalProtect clients. Setup is Always-on, network enforcement, SAML auth. In one region we also have Cisco Umbrella OpenDNS agents installed. This week we started seeing a problem localized to users in 1 country, France, where they could not connect to GlobalProtect. Upon investigation, we narrowed it down to DNS reso...

GlobalProtect client verison branches

Can anyone explain the different branch version for GlobalProtect? There are currently five different branches available for Win64 - 5.1, 6.0, 6.1, 6.2 and 6.3 - with two different 'preferred' versions (6.1.4, 6.2.3). The branches seem unrelated to other branches. What's the reason for this? Why not one branch with incremental updates?

GP - Pre-Login

Hi All, I have a GP Portal with a few different agent configurations. Depending on the user's AD group, they may have different settings. Current setup for all agent configs is Always-On. I want to enable pre-logon(always on) for a specific use case without impacting all the other users. What's the best way to go about this? If I were cre...

Global protect gateway

Bonjour, Pour accéder aux ressources internes il faut configurer un portail sur global protect. Le portail nous permettra de nous connecter à la passerelle. Pour monter un tunnel ipsec, il faut d'abord se connecter à une passerelle qui se trouve dans le cloud prisma (la passerelle la plus proche de votre localisation) quelle IP doit on renseigne...

Sarou22 by L2 Linker
  • 939 Views
  • 0 replies
  • 0 Likes

Testing 2FA with requiring device certificate and password

Hello All, We currently only require Password or certificate when using global protect. We already have device certificates deployed using PKI on our domain computers. My question is where do I apply this policy for testing? I notice under client authentication you can have multiple profiles that require password and/or password authentication...

MNoble by L2 Linker
  • 1160 Views
  • 1 replies
  • 0 Likes

GlobalProtect Client Log Dump Format

Hi,I would like to parse and correlate multiple .log files from GP log dump.Example log from PanGPS.log (P5200-T7744)Debug(1916): 05/16/22 12:47:28:106 Send response to client for request hip-ack │(P5200-T7744)Dump (11923): 05/16/22 12:47:28:106 Set m_bPreviousSwitchOffMsg to 0 Do you know what are the types/meaning of the fields?Thank you

Globalprotect Self Signed certificate with Chrome

Hi, Starting from one or two month ago, maybe after a Chrome update, I'm unable to open the globalprotect login page on my firewall with Google Chrome. It doesn't depends on the client OS, it happens wth Google Chrome (all other browser are working fine). The error I get is "ERR_SSL_KEY_USAGE_INCOMPATIBLE". The certificate is generated by the fi...

Resolved! Global Protect two MFA prompts for Portal and Gateway

Hello, I'm trying to understand the difference between 'Generate cookie for authentication override' and 'Accept cookie for authentication override' on both portals and gateways. I went through all the official guides but still can't seem to understand. Suppose we have MFA set up for both the portal and the gateway. Every time someone tries to...

vsurresh by L1 Bithead
  • 4631 Views
  • 3 replies
  • 0 Likes

Global Protect 6.2.3 opening 2 Sign-in tabs for SAML

Hello all, Curious to see if anyone else is running into this issue. Please note this is different then the 2 tabs that would open after completing authentication via SAML on the global protect client. I had ran into that issue before, but that was easily fixed when enabling cookies and enabling "Use default browser for SAML Auth". All was wor...

RollandDavis_0-1718307906708.png
RollandDavis_1-1718308025344.png
  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks