This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Ubikey and global protect

Hello all, Do you know if Global Protect is compatible with Okta and Ubikey ? We got this error message https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HB8lCAG&lang=en_US%E2%80%A9, but even following the KB didn't improve things.I wonder if it's compatible.Thanks for your help

Resolved! Multi Factor Authentcation (Privacy Idea) just for some Users

Good Morning, we are using Palo Alto 3020 (installed sw 9.1). We recently tried to implement multi factor authentication with privacy idea. We followed this guide and everything works. https://www.youtube.com/watch?v=2mIuqmWP-j0&t=1200s The main problem is that we would like to be able to decide which users should use mfa and which should s...

unibg_it by L1 Bithead
  • 6898 Views
  • 9 replies
  • 0 Likes

problem with MS Edge with SAML auth for Global Protect

We have been using SAML authentication with the user default browser for Global Protect for some time now. Within the past month it seems that users with MS Edge as the default browser have been having a lot of trouble authenticating. The SAML completes and the token seems to not be getting passed back to Global Protect. Switching the user's def...

GlobalProtect Pre-Logon before user logs in.

we have been using pre-logon for some time and are generally having very few issues. We now need Pre-Logon to work on newly built laptops using the "Extend Key Usage OID" setting in the GP app. It works fine but we need it set for when a user first ever logs on as they are being given an option to choose one of 4 certificates. (yes we use cert...

Mick_Ball by L7 Applicator
  • 915 Views
  • 0 replies
  • 0 Likes

Clientless VPN Portal Brute Forcing

Hi all, I have an issue with a single/multiple threat actors attempting to brute force or clientless vpn portal. They are switching IP's with each attempt and they occur 3-7 time per hour. They use the most ridiculous dictionaries for user names but regardless, they change periodically and I would like to put a stop to it but am finding it qu...

GlobalProtect SAML Azure AD Entera ID and cookies

Hi, we have recently implemented Azure Entera ID SAML auth on our portal/gateway on a customer. This works fine with authenticating. However there is a small quirk that is annoying. Everytime the client needs to connect, they have to choose which account to use (They have other private Office accounts as well as the business one). Even though th...

User having issues accessing internet after connecting to Global Protect -- Userid

Hi Team We are seeing an issue where only 1 user is having issues when going to any websites over Global Protect. DNS lookup completes and the built-in Apps like Outlook, teams work over GP with no issues. The user is able to successfully authenticate with DUO MFA, the issue is only after the connection with GP. We can see that the client is...

GlobalProtect and Smartcard pin caching

Good morning, I am hoping that someone might have some insight as to GP's pin caching. We have a smartcard portal that validates both pin and username/password but within certain time frames you can reconnect without the pin and just the username/password. Is there a way to force gp to validate the pin every time someone connects to a portal r...

rhamann by L0 Member
  • 1139 Views
  • 0 replies
  • 0 Likes

Resolved! GlobalProtect Issue on PA-3020 9.1.17

Hello everyone, I'd want to seek your guidance on a matter that we're now dealing with. So, last year, around the third week of December, we upgraded the firmware of PA-3020 from 9.1.15 to 9.1.17 as per the advisory of Palo Alto. So far, no issues have been reported following the upgrade, but after a while we have discovered an issue regarding...

Marlo_Perez_0-1704948532651.png
Marlo_Perez_2-1704949007599.png

Resolved! GlobalProtect quarantine Prisma Access Mobile Users

Has anyone used the GlobalProtect quarantine device functionality with Prisma Access Mobile User deployments? I have data redistribution setup with the service connection infrastructure subnet, but devices in the quarantine list do not seem to be recognized on the mobile user gateways. There must be a disconnect with the quarantine list on Pa...

RDP disconnects GlobalProtect session

We have our laptops configured for pre-logon with machine certs, and SSO for the user based tunnel. If we RDP to a laptop that is sitting at the logon screen with the machine tunnel up, RDP works fine. However, if we RDP to a laptop that is already signed in with the user tunnel up, then RDP kills the GlobalProtect session and disconnects. ...

Jsitter by L1 Bithead
  • 4357 Views
  • 1 replies
  • 0 Likes

Blocking by Country Security Policy

I've added several countries to a Security Policy that restricts access based on Location - however, I'm still seeing login attempts from those countries. What other steps can I take to ensure we don't see anymore attempts from the countries already added to the policy?

  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks