GP 6.0.6 - Cookie expired only from mobile phone

Hi,

we have PA-850 and we deployed GP 6.0.7 for desktops and 6.0.6 version for mobile phones.

The authentication is based on SAML via Azure and every connection from desktops works flawlessly.

Recently we started receiving complaints from users that

Group Login condition Azure Groups

Hi,

We are using our on prem LDAP to fetch groups on the Palo. For GP authentication as well, we are using group in

1) GP Portal > Agent > Config Selection Criteria > User/User Group

2) GP Gateway > Agent > Client Settings > Config Selection Criteria

SAML cookies and global protect cookies

Hi,

If I am using SAML authentication on my portal and gateway what is the best practice around Authentication cookies override.

When using SAML my user will be prompted via the default browser 2 times ones for the portal and ones for the gateway.

upgrade Global Protect Client

We need to upgrade Global Protect Client from 5.2 to 6.2.7 ,

Is the direct upgrade would be possible or do we need to upgrade to any intermittent OS.

How to Update the SAML Certificate When Integrated with Azure AD and SAML.”

Hello,

I’m using Azure AD as the Identity Provider (IdP) and GlobalProtect as the Service Provider (SP) for SSO. I’m having difficulty updating the SAML certificate.

I’ve followed these steps:

1. Issued a new SAML certificate in Azure AD.
2. Imported

GlobalProtect Random disconnects

Hello,

Has anyone else have issues with random GP disconnections since recently (May/June/July 2021) on GP version 5.0.x and 5.2.x ? 

It started around one month ago throughout the whole company and we weren't able to figure out what's going on till no

How can i apply different HIP Policy for external users?

Hello Dear Community,

I have 2 SSL VPN rules assigned to my username in Palo Alto firewall. For testing purposes, I added a HIP profile to only one of them. The device I tested does not comply with the HIP profile.

The VPN connection is notifyed as f

Global Protect client connected an able to send traffic but not replying when traffic is initiated in the Datacenter side

Hi, I am having a problem where random global protect clients are connecting and are able to send traffic through the tunnel to the Data Center when traffic is initiated in the client workstation. However if we try to RDP or send any traffic to the c

Host certificate check HIP objects configuration

we are planning to configure certificate check HIP object  and authentication based on that. we are not getting any clear picture in online or palo alto portal. please help up to provide resource...

VPN Login Failures

Hi,

I received two kinds of events when I tried to connect VPN.  Which event I can consider as a threat.

I have excluded the username pre-logon from monitoring but for the destination 0.0.0.0 is receiving.

Why destination IP show 0.0.0.0? Can I ign