when you open up GlobalProtect, it opens two browser windows to authenticate. we cannot connect until we close just 1 of those authentication windows. how to troubleshoot?
Hi everyone! First LIVE post, hoping to learn about how HIP profiles function when applied to security policies. I have a zone created for my Global Protect VPN users, I want to apply a HIP Profile that checks if the computer is domain joined and denies access to the gateway if the check fails. My understanding is that the HIP profile need...
Hi all, I have a peculiar problem that I would appreciate help with. Myself and the IT team(me being part of the security team) are piloting the GP with Prisma sase as the vpn of choice for our organization. We have two endpoints with it - a mac and a windows. now everything works fine, but for some reason after about a week from installation th...
I have an HA pair of VM series Palo Alto Firewalls deployed in Azure. How do I associate the public IP to a certificate on the PA? Are there any instructions on how to do this available? Do I add the public IP or? I cant use dhcp as its an HA config with floating IPS.
Hello, I am running Palo Alto in my network and few team members connects to Global Protect VPN for different partner. As soon as they connect, VPN keeps disconnecting frequently. If same members connect VPN from home or with hotspot, it works perfectly fine without any drop. Can any one advise how to troubleshoot this issue?I found a known is...
VPN connection - Sign in and log in from outside - You cannot log in when logging in to your internal network. /vpn is mapped as public, so - How can I separate the GP portal into private/public? (FQDN) Internal authentication - Is the portal externally/internally certified? - When connected to an internal network, users have an indepen...
Hi All- We have LSVPN configured and working. However, a recent security scan shows that Content Security Policy (CSP ) issue with the gateway default login script in PA. It complains about: script-src: self style-src: self Is there any suggestion on how this can be fixed?Thank you!
Hi, I configured Global Protect with Azure MFA (SAML).I have set this up as described here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008U48CAE Unfortunately I can´t see the FIDO Key in the Login-mask. The other authentification methods are displayed. Since some users have only one FIDO key the question would be if ...
Hello Friends, What troubleshooting steps can I take to address the GlobalProtect connectivity issues, including the "Your GlobalProtect session has been disconnected due to network connectivity issues or session timeouts" notification and the SSL VPN GlobalProtect connected status with 0 bytes traffic after upgrading PAN-OS to version 10.2.7-h3...
Best regard Equipment Currently in the company we are with the task of updating the GP agent to a more recent version, however, we do not know how much impact there may be on end clients if we update the agent, since they will understand that there are many users. Having said the above, I would like you to clarify the following information for m...
May I ask HIP domain can use wildcard characters or not? (Like diagram below) I read an article that OS cannot use *, but I am not sure whether domain can use wildcard characters or not(just like URL wildcard) https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oM79CAE Thank you.
I have a target system that I need to access via WebUI. The system is reachable via its IP address 192.168.255.129 with a /24 (255.255.255.0) subnet. Furthermore the system expects a client IP address of 192.168.255.130, any other IP address will be rejected. The target system is a "proprietary blackbox", which means these settings cannot be c...
Hi, I am looking at how to assign different IP Pool addresses to clients based on a HIPS check. We are currently achieving this by assigning a different IP Pool to users based on user group membership of an Active Directory group. When the client authenticates with the Gateway, it receives a Pre-logon IP Address - lets call this an IP Addres...
Hi All, I'm doing POC on GlobalProtect for one of our customer. As our enviorment is VM series firewall on AWS, we stopped the VM in non-busness hour for costsaving purpose of AWS cloud. But very next day, the Globalprotect servicce IP is not reachable,it usually takes around 30 to 40 mins or even sometime 1 hour to the service ip to become re...
I have looked at the different support documents and previous discussions but have not gotten much wiser. I need to have a handful of users connect to GlobalProtect with TOTP as the second authentication factor. Since the number of users are so low, they can either live on our LDAP service (preferred) or as local users. The TOTP is to be verif...
BPry
on:
Enforce GlobalProtect Access Based on Microsoft Intune Compliance Status
