GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Resolved! certificate ca

Hi to all, I want to import a certificate which is signed and use it as a trusted root CA. I saw that there was a command on older versions with which you could set the certificate as ca=yes, but in my version 10-1-6h7 that command does not exist at the CLI. Can anyone help me?

kvagenas by L1 Bithead
  • 2601 Views
  • 1 replies
  • 0 Likes

Vulnerability Protection for CVE-2024-3400

TL;DR: ensure you are applying Vulnerability Protection to web-browsing traffic hitting your GP portal interface, if you rely on the intrazone-default allow. I was responding to another case of this flu. Even though the best-practice strict VP profile was attached to the rule allowing access to the GlobalProtect interface, a test for the vuln (...

mb_equate by L3 Networker
  • 2602 Views
  • 2 replies
  • 0 Likes

Resolved! Global Protect VPN client-less web portal local account

Hi, We have a user who is traveling to a restricted location and will need to connect to our client-less Global Protect Web Portal using a local account. Is there a way to have this one user change their password after successful initial login to our client-less Global Protect Web Portal? There is the option "Require Password Change on First Log...

GP Agent Machine Certificate Check

Hello, I am trying to find out more information about a GP portal setting called Machine Certificate Check under Portal Configuration / Agent / Agent Config / Config Selection Criteria / Device Checks. I was hoping to use a machine certificate check outside of the authentication tab to allow or disallow machines based on user/user group, but I...

browser certificate prompt when trying to connect with Gp portal

The scenario: NDES server, SCEP certificate profile, Intune auto-enrolled Windows 11 machine with business hello configured. Our setup is to look for certificates in the machine store and a specific OID (registry setting and PA end). When trying to connect via VPN, the browser prompts for a certificate (user cert in this). You can select it, press OK an...

Unauthorized GP login attempts

Hi All – Just curious on when to get concerned about unauthorized GP login attempts. I’ve had a person from the RU making login attempts on our GP for about a year now. I speculate they are new at this, after a while they learned how to mask the ‘HOST NAME’ and use VPN, though they do use the same IP and region, like I said, probably new at this. S...

chipabf by L0 Member
  • 16246 Views
  • 6 replies
  • 0 Likes

Duo two factor authentication challenge message not showing in GP Portal

After migrating to PA-1410 from a PA-3200, the Duo 2-FA challenge message stopped showing up on the GP portal page after the initial AD credentials authentication. The functionality is working fine as the textbox for the 2-FA options shows up and proceeds as usual after the user's input, it's just that the Duo login banner text that should show u...

Globalprotect - machine/device cert for Portal and Gateway "certificate profiles" - how to best distribute

I have successfully configured a working POC for exactly how I want our users to connect to GlobalProtect. We have a SAML authentication profile configured for both the Portal and Gateway, each with the same certificate profile configured. I created the "machinecert" using the firewall as a CA and manually installed the cert. When it ...

asiewert by L1 Bithead
  • 1674 Views
  • 1 replies
  • 0 Likes

Resolved! Machine Certificate Check/ Not working for me

Goal: When a user connects to the GlobalProtect Portal it will authenticate using the LDAP authentication profile, and check for the presence of a certificate on the device. If the device (in my case I'm only going to use Windows 10 PCs) does not have the certificate, the authentication will fail. What I've done so far: The LDAP authenticati...

asiewert by L1 Bithead
  • 6192 Views
  • 3 replies
  • 0 Likes

iOS and GlobalProtect using Multifactor authenticator

We are facing a problem on iOS devices related to GlobalProtect using Multifactor Authenticator with Azure. We tried forming a certificate chain with a root certificate and an intermediate certificate. We added to the root certificate an extra attribute which is "IP= "IP Address" from Subject Alternative Name (SAN) field". As for the intermediate cer...

HMahfouz by L0 Member
  • 1749 Views
  • 0 replies
  • 1 Likes

SAML authentication - How to avoid the "Open GlobalProtect ..." popup ?

Hi all, I recently integrated Azure MFA via SAML with GlobalProtect and it works flawlessly. The only little issue is a popup that always appears whenever the authentication process is about to be completed. I guess this is the browser communicating with the GlobalProtect app, necessary to complete the tunnel creation. Any idea about how to s...

techreg by L0 Member
  • 6041 Views
  • 3 replies
  • 1 Likes

GlobalProtect software versioning numbers do not make sense to me

Hello - new to the GlobalProtect VPN client. We are in the process of beginning to roll out the GP VPN client via GPO to our user base. I occasionally receive emails from Palo stating that a new version of GP VPN client is available, but when I look at the software update page, the versions of GP VPN client for Windows 64-bit shown do not...

Global protect upgrade to 6.2.0-89 having disconnection issue

I want to ask if anyone has faced an issue with the below error after upgrading GlobalProtect to 6.2.0-89? "The network connection is unreachable, or the gateway is unresponsive. Check the network connection and reconnect" Before the upgrade it worked fine, and there were no changes. I can see logs in PanGPS as below: (P6048-T4788)Debug( 149): 08/18/23 07:54:44:675 CP...

GP fail to connect on MAC - web browser can open a page, ping not working

It was working before, but then the administrator changed the certificate. Now I am trying to activate GP on MAC 14 Sonoma with latest GP 6.02. I can open portal IP on web browser with my credentials and download latest GP software. Authentication with user/pass is ok, then I use token and GP returns a message "Connection Failed". Certificate is valid ...

Primoz by L0 Member
  • 1631 Views
  • 2 replies
  • 0 Likes