This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Need Help on Configuring GlobalProtect VPN

Hello there, I am working on setting up GlobalProtect VPN for our organization and could use some advice. We have a mixed environment with Windows, macOS, and Linux machines, and we're looking to ensure a seamless experience for our users. Specifically; I am interested in hearing about best practices for; Configuring GlobalProtect for a mixe...

How to use a Machine Cert with a Private Key for Global protect prelogon

Greetings, We utilize our own PKI infrastructure so the certificates we want to use for prelogon are already in place. I am also new to this so it may be working as designed but having a hard time validating. We have imported a rootCA into Strata Cloud Manager the resides in Trusted Root CA on windows We have an Intermediate CA signed by th...

Conditional rules for GP MFA auth?

Is it possible to apply conditional rules on a GlobalProtect login so the means of login can vary? For example; If a Windows client is operating within a particular country or public IP range, just require simple SAML user login and maybe AD machine membership. However, if the client is outside of the country/ip-range, prompt the user for an MFA...

Multiple versions needed to access different portals

We are a service company that needs to access various customer sites. Several of our customers use Palo Alto Global Protect, but not all of them are up to date, and we have to use several different versions of the Global Protect "client" software (note sure if that's the term to use) to access these various sites. As a service company, we are no...

VPN Attempts from Rotating IPs and Generic Usernames

Hello all, For several weeks, I have been getting many VPN login attempts from different IPs trying to login using generic usernames, like "guest", "support", "admin", etc. Is this normal? Is there anything that I can do to stop this from happening? I have attached a screenshot for additional context. Thanks.

mdmartin by L0 Member
  • 8008 Views
  • 5 replies
  • 0 Likes

Multiple bogus credentials on GP portal

I have noticed there are alot of random IPs that are trying to login to my GP portal. We are using pre-login method of GP so legit users do not login. GP starts and does an auto-login pre-windows login. The logs tell me these failures are coming from GP portal. They are not getting anywhere since a trusted cert on legit users PCs is required, bu...

Global Protect for IPad auto-connect option partially works

We have around 200 Ipads deployed to our field agents. Our configuration on our global protect portal is to have always-on enabled, so that when a device loses connection, that when connection is restored the vpn would automatically reconnect. my initial tests were with test mobile phones (iphone 12 and a Pixel 8), I rigorously tested these...

GP Update to 6.1 and PAN-OS 10.2.7-h3

Hello,We are planning to upgrade our GP client to 6.1.4. Currently we are running 6.0.7 and the PAN-OS (10.2.7-h3). Since we just recently upgraded our PAN-OS, we do not intend to upgrade to 11.0 anytime soon. My question is; what would be the behavior of the GP client 6.1.4 when we have PAN-OS (10.2.7-h3)? I know with 6.1 the End-user Notificat...

jesteves by L0 Member
  • 1414 Views
  • 1 replies
  • 0 Likes

Resolved! GP Internal Gateway does not work after upgrading to 10.2.7-h3

Our customer has configured internal gateways to retrieve mapping information for users from devices that are not joined to the domain. This was working fine after Firewalls and Panorama were upgraded to 10.2.7-h3. For example, one of the peer's firewalls (Active/Passive) was upgraded and this task was completed without issues around 7:30 PM...

VPN SSO with MFA every time

Hi We have recently purchased a Palo Alto firewall and connect to the VPN using GlobalProtect. For Teams/Sharepoint etc. We use Azure MFA where a push notification comes through to the authenticator app and to get this working on GlobalProtect we had to set up a radius server. The reason we can't use Azure MFA with GlobalProtect is that w...

edmozley by L0 Member
  • 3492 Views
  • 2 replies
  • 0 Likes

Clientless VPN portal and SAML SSO and Application SSO

Hi there, I wanted to check that possibly what I'm trying isn't actually going to work. Had a look around at people with simular issues on LDAP, but I thought using SAML would solve this ... but not! What I'm trying to achieve here is SSO into the VPN portal and then into any applications that use the same SSO method (the method we are using i...

DTGHelp by L0 Member
  • 2331 Views
  • 2 replies
  • 0 Likes

Global Protect users are unable to access SQL database which hosted in Azure

We have a tunnel configured between on-premises PA-5250 and Azure. traffic flows as expected users who are not connected to the global protect can connect to the SQLMS without any issues. However, users who are connected to the GP can't access the SQLMS. traceroute reaches the GP gateway and ends. if we try with the URL the traffic does not re...

  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks