GlobalProtect Discussions

How to Update the SAML Certificate When Integrated with Azure AD and SAML.”

Hello,

I’m using Azure AD as the Identity Provider (IdP) and GlobalProtect as the Service Provider (SP) for SSO. I’m having difficulty updating the SAML certificate.

I’ve followed these steps:

1. Issued a new SAML certificate in Azure AD.
2. Imported

GlobalProtect Random disconnects

Hello,

Has anyone else have issues with random GP disconnections since recently (May/June/July 2021) on GP version 5.0.x and 5.2.x ? 

It started around one month ago throughout the whole company and we weren't able to figure out what's going on till no

How can i apply different HIP Policy for external users?

Hello Dear Community,

I have 2 SSL VPN rules assigned to my username in Palo Alto firewall. For testing purposes, I added a HIP profile to only one of them. The device I tested does not comply with the HIP profile.

The VPN connection is notifyed as f

Global Protect client connected an able to send traffic but not replying when traffic is initiated in the Datacenter side

Hi, I am having a problem where random global protect clients are connecting and are able to send traffic through the tunnel to the Data Center when traffic is initiated in the client workstation. However if we try to RDP or send any traffic to the c

Host certificate check HIP objects configuration

we are planning to configure certificate check HIP object  and authentication based on that. we are not getting any clear picture in online or palo alto portal. please help up to provide resource...

VPN Login Failures

Hi,

I received two kinds of events when I tried to connect VPN.  Which event I can consider as a threat.

I have excluded the username pre-logon from monitoring but for the destination 0.0.0.0 is receiving.

Why destination IP show 0.0.0.0? Can I ign

Global Protect HIP issues with Jamf Agent

Hi All

I am having difficulties with HIP testing from Global protect to detect for Jamf Pro on Macintosh devices. We use the Cloud based Jamf Pro and the only options for HIP Objects for this is either for a plist or Process. Plist is out of the ques

Exclude a Application behind Clientless VPN from decryption

Hi all,

I am currently facing the problem of publishing an internal web application via GlobalProtect Portal and Clientless VPN.

The principle is already used by us and works very well so far.

However, this one particular application has a proper

Global Protect HIP Testing with Fortinac / Bradford - Macintosh PC's

Hi All

I am having difficulties with HIP testing from Global protect to detect for NAC Persistent agent (formally called Bradford agent) on Macs. I have put in a process in the HIP object to look for /Library/Application Support/Bradford Networks/Per

Using Keycloak as idP

Has anyone succeeded in using Keycloak as idP with Globalprotect?

We're having issues with the windows clients receiving "You are already logged in" while trying to log in, which also make the gp app hang. The GP app for macOS never experience this.

GlobalProtect for iOS and Intune data attributes

Hello everyone!  I'm currently working on setting up GlobalProtect and having it send appropriate HIP data to the firewall.  I got Windows devices working pretty well, but I'm struggling with iOS devices that are managed by Intune

According to https:

Dynamic DNS Registration Support for Mobile Users—GlobalProtect

Hello -

Has anyone successfully done this with Infoblox?

I followed this https://www.youtube.com/watch?v=a99yioMVREA but it doesn't seem to be getting to the DNS.  Not sure how to troubleshoot.

Globalprotect tries to connect then goes back to 'Connect' button

Having one computer that has issues with the GP client. I have tried GP version 4.8, 5.2, and 6.1 and various means of having them update or refusing to update etc.  I have restarted the computer, uninstalled and deleted app data and Program Files fo