We deployed MS Autopilot, is it possible to do join AD domain network remotely via GlobalProtect?
We enabled "Connect Before Logon" but cannot sign in Windows, any idea, please?
We enabled "Connect Before Logon" but cannot sign in Windows, any idea, please?
Hi. Can someone please help me? Thank you in advance. We are currently experiencing issues with a GlobalProtect VPN setup, it is working for users located in Australia but not in the Philippines, we have set it to allow connections from the Philippines and we're able to get to the GlobalProtect web portal to download the VPN but the VPN itself...
Hello Everyone, Has anyone else been facing issues connecting via GP VPN lately? When we try to connect via the agent. It prompts to authenticate via edge. Once that is complete and 2fa is verified on the webpage it states authentication complete and it opens another edge tab to authenticate again and it happens constantly. Steps Taken: ...
Hello Everyone, I build a gp authenticaiton for azure ad saml auth in prisma access, and it works normally. After enable "Endpoint Traffic Policy Enforcement", and missing add lists of enforcer exception list, and then finished push jobs, client can not access microsoft login portal for smal auth, and can not access anywhere. Anyone knows...
when we login to Global protect url is it possible to encrypt it?
In Prisma Access Mobile User, the user GP version was distributed as 6.2.0. However, due to an issue, I needed to upgrade to 6.2.3, so I set upgrade globalprotect to allow transparently in the app settings. However, there was no change for 6.2.0 users, so I installed 6.1.4 as a test and waited, and it was automatically upgraded to 6.2.3 within 5...
Hi to all, I want to import a certificate which is signed and use it as trusted root ca. I saw that there was command on older versions that you could set the certificate as ca=yes. but in my version 10-1-6h7 that command at the cli does not exist. Can anyone help me?
TL;DR: ensure you are applying Vulnerability Protection to web-browsing traffic hitting your GP portal interface, if you rely on the intrazone-default allow I was responding to another case of this flu. Even though the best-practice strict VP profile was attached to the rule allowing access to the GlobalProtect interface, a test for the vuln (...
Hi, We have a user who is traveling to a restricted location and will need to connect to our client-less Global Protect Web Portal using a local account. Is there a way to have this one user change their password after successful initial login to our client-less Global Protect Web Portal? There is the option "Require Password Change on First Log...
Hello, I am trying to find out more information about a GP portal setting called Machine Certificate Check under Portal Configuration / Agent / Agent Config / Config Selection Criteria / Device Checks. I was hoping to use a machine certificate check outside of the authentication tab to allow or disallow machines based on user/user group, but I...
Hi All – Just curious on when to get concerned about unauthorized GP login attempts. I’ve had a person from the RU making login attempts on our GP for about a year now. I speculate they are new at this, after a while they learned how to mask the ‘HOST NAME’ and use VPN, tho they do use the same IP and region, like I said, probably new at this. S...
After migrating to PA-1410 from a PA-3200, the Duo 2-FA challenge message stopped showing up on the GP portal page after the initial AD credentials authentication. The functionality is working fine as the textbox for the 2-FA options shows up and proceeds as usual after the user's input, its just that the Duo login banner text that should show u...
I have successfully configured a working POC for exactly how I want our users to connect to Globalprotect. We have a SAML authentication profile configured for both the Portal and Gateway each each with the same certificate profile configured. I created the "machinecert" using the firewall as a CA and manually installed the cert. When it ...
Goal: When a user connects to the Globalprotect Portal it will authenticate using the LDAP authentication profile, and check for the presence of a certificate on the device. If the device(in my case I'm only going to use Windows 10 PCs) does not have the certificate, the authentication will fail. What I've done so far: The LDAP authenticati...
We have setup Globalprotect to connect to EntraID using SAML. Our goal is to have the user get prompted to enter in MFA everytime they connect to the GlobalProtect portal. How can I do this?
| Subject | Likes |
|---|---|
| 2 Likes | |
| 1 Like | |
| 1 Like | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |

