This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

GP SAML authentication with multiple client configurations in gatway

Hi Everyone, I'm trying to allow to separate entities to login to an external GP gateway using the same auth profile. In the gateway configuration under agent, I have two configs one for each entity with specific routes for each. When I have one of the configs set to any user on any OS this works, but if I try to define which users get which...

GP HIP Profile Applied to Security Policy with Multiple Zones

Hi everyone! First LIVE post, hoping to learn about how HIP profiles function when applied to security policies. I have a zone created for my Global Protect VPN users, I want to apply a HIP Profile that checks if the computer is domain joined and denies access to the gateway if the check fails. My understanding is that the HIP profile need...

Global protect self uninstall on mac

Hi all, I have a peculiar problem that I would appreciate help with. Myself and the IT team(me being part of the security team) are piloting the GP with Prisma sase as the vpn of choice for our organization. We have two endpoints with it - a mac and a windows. now everything works fine, but for some reason after about a week from installation th...

AZURE VM Configure GP with certificate

I have an HA pair of VM series Palo Alto Firewalls deployed in Azure. How do I associate the public IP to a certificate on the PA? Are there any instructions on how to do this available? Do I add the public IP or? I cant use dhcp as its an HA config with floating IPS.

Carleton by L3 Networker
  • 774 Views
  • 0 replies
  • 0 Likes

Global Protect Disconnects Frequently

Hello, I am running Palo Alto in my network and few team members connects to Global Protect VPN for different partner. As soon as they connect, VPN keeps disconnecting frequently. If same members connect VPN from home or with hotspot, it works perfectly fine without any drop. Can any one advise how to troubleshoot this issue?I found a known is...

PiyushBassi_0-1710934167760.png

How to Internalize Palo Alto Global Protect?

VPN connection - Sign in and log in from outside - You cannot log in when logging in to your internal network. /vpn is mapped as public, so - How can I separate the GP portal into private/public? (FQDN) Internal authentication - Is the portal externally/internally certified? - When connected to an internal network, users have an indepen...

Jaehyun by L0 Member
  • 698 Views
  • 0 replies
  • 0 Likes

Global Protect Azure MFA SAML FIDO Key

Hi, I configured Global Protect with Azure MFA (SAML).I have set this up as described here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008U48CAE Unfortunately I can´t see the FIDO Key in the Login-mask. The other authentification methods are displayed. Since some users have only one FIDO key the question would be if ...

GlobalProtect Connection Issues in PAN-OS 10.2.7-h3

Hello Friends, What troubleshooting steps can I take to address the GlobalProtect connectivity issues, including the "Your GlobalProtect session has been disconnected due to network connectivity issues or session timeouts" notification and the SSL VPN GlobalProtect connected status with 0 bytes traffic after upgrading PAN-OS to version 10.2.7-h3...

fatihs20 by L0 Member
  • 27911 Views
  • 23 replies
  • 2 Likes

Massive update of GlobalProtecr agents

Best regard Equipment Currently in the company we are with the task of updating the GP agent to a more recent version, however, we do not know how much impact there may be on end clients if we update the agent, since they will understand that there are many users. Having said the above, I would like you to clarify the following information for m...

aalfaro by L2 Linker
  • 1774 Views
  • 3 replies
  • 0 Likes

Can HIP domain use wildcard characters?

May I ask HIP domain can use wildcard characters or not? (Like diagram below) I read an article that OS cannot use *, but I am not sure whether domain can use wildcard characters or not(just like URL wildcard) https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oM79CAE Thank you.

WilsonHuang_0-1710749217423.png

Get a defined target IP Adress and Subnet via GlobalProtect (PA-460)

  I have a target system that I need to access via WebUI. The system is reachable via its IP address 192.168.255.129 with a /24 (255.255.255.0) subnet. Furthermore the system expects a client IP address of 192.168.255.130, any other IP address will be rejected. The target system is a "proprietary blackbox", which means these settings cannot be c...

Bild (3).png
Bild (2).png
SaArlt by L1 Bithead
  • 6805 Views
  • 4 replies
  • 0 Likes

Use HIPS to assign Gateway IP Address for external clients

Hi, I am looking at how to assign different IP Pool addresses to clients based on a HIPS check. We are currently achieving this by assigning a different IP Pool to users based on user group membership of an Active Directory group. When the client authenticates with the Gateway, it receives a Pre-logon IP Address - lets call this an IP Addres...

VM series Firewall Global protect IP unreachable after rebooting

Hi All, I'm doing POC on GlobalProtect for one of our customer. As our enviorment is VM series firewall on AWS, we stopped the VM in non-busness hour for costsaving purpose of AWS cloud. But very next day, the Globalprotect servicce IP is not reachable,it usually takes around 30 to 40 mins or even sometime 1 hour to the service ip to become re...

  • 2078 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks