Hi, I'm creating a firewall rule to allow TCP 443/UDP 4501 (Global Protect) to go through the firewall, and I want to know if I need to allow bidirectional for the UDP 4501? Thank you,
hi all, Our EU is currently on GlobalProtect 6.1.0 on PA-5250 firewall, we just wondered if this GP 6.1 support Linux Fedora 39? I tried to find any legit resources that would mention this but couldnt find anything helpful. Would like to share the information to our EU, hopefully anyone could help. thanks!
Hello Team, I have configured multiple agent profiles in the GP Portal and I want to verify which agent profile is currently being fetched by individual user, How do i verify that from the firewall or endpoint? Context: I have profile 1 which has a limited set of exception users who have some flexibility to switch the portal to add a new port...
Hello everyone, After upgrading GlobalProtect from 5.x to 6.2.2 users started to complain that GP is connecting automatically after logging in to OS. Agent App configuration hasn't been changed and still is On-demand. There is addressed issue in GP 6.2.1 which should solve this (GPC-18336 - Fixed an issue where the GlobalProtect app got automa...
Hi All, So I have Global Protect running with the HIP license. Our current conditions for HIP connectivity are; 1. Must be Windows 10 or 11, must have Crowdstrike installed and running, must have Zscaler Client Connector installed and running. I have no problems with any of these users. However, we have a very small subset of users on Macb...
Hello Team, Please share link to Download and Install the Global Protect App for Linux CLI version Requesting to share the link at the earliest Thanks & Regards / ramu
hey, can someone please explain how this feature work from the stage of open the browser and surf to www.google.com until the GP client decide it should enter the tunnel? for example 1. GP listen on the nic for dns queries 2. GP check with the split tunnel rules if there is a match 3. GP route the traffic to the tunnel on the OS network sta...
I generally try to run macOS beta version to jump ahead of any issues. I've been running macOS Sonoma 14.2 beta (2 and 4, specifically). In my testing, the Global Protect VPN client successfully connects (we're using certificates on in this case) but then fails to pass any traffic. The interface has an IP address, which can be pinging, but no...
Hi all, We've setup SAML / SSO and all works OK , however, when GlobalProtect starts, it automatically connects without asking for any creds. I'm assuming this is a result of the machine being joined to the same domain so the password is not needed. However, I'd like to configure it so that at least an MFA prompt occurs. Connecting on a non j...
I'm trying to figure out if therre's a way to configure GlobalProtect to prompt the end users to accept a logon banner message when they've entered their credentials successfully in the GlobalProtect app. Cisco Anyconnect can accomplish this in the group-policy and it's nice because after a user enters their credentials, they get prompted with a...
Hi Team I'm facing issue with when i connect to VPN then my laptop internet slows down.
Hello everyone, We have two strange errors with Globalprotect (v. 5.2.11) since the update to PANOS 10.2.3-h2:- For internal connections (via tunnel) the connection fails with the event gateway-hip-check with the message "Invalid tunnel end point IP address". - The external portal is suddenly no longer accessible via https but pingable via the...
Env: PRisma Access ; GP Client 6.2.0-89 What variable controls the "finding the best available Gateway" ; We are experiencing anywhere between ~2 to 7 minutes to get connect the gateway? How can we manipulate this algorith to not do this 'Finding best gateway" TIA
Hi everyone, Hoping someone could tell me where I'm going wrong with this. We have recently acquired a secondary ISP line which is connected to our PA's eth1/1 via PPPoE, which includes /28 available IPs. I am looking at moving one of our client's GlobalProtect portal and gateway from our primary ISP line (Which is via static IP) to the seco...
