globalprotect Client certificate with OID requesting users to select their certificate

I recently configured my globalprotect agent to look for a machine certificate including a specific OID to avoid a confusing selection process on devices with multiple client certificates signed by the same CA. Our original configuration started requ

GP with MFA on AD backend

Hi All,

need verification please..

looking to implement GP for a client with user-id and MFA.

The PA FWs are Azure based same for the AD servers and will use ldap to connect to AD from FWs.

The AD has MFA integrated already.

so the question is do i

Global Protect issues on few Win10 machines

Hi Guys, already have raised support ticket but no reply for few days, so trying to get some info here. I have seen couple of threads but not sure they are related to issue we have with these few Win10 laptops. We have Palo VM on 10.0.6 OS and GP is

GlobalProtect windows store app - how to???

hi all,

new to the palo alto world, however i cannot seem to find info on setting up globalprotect to use the windows store version of the GP app. I've ot the subscription licence applied to my firewall and went throuhg the pocess of creating a clien

Migrate GP users from on-prem to Prisma Access gateways

Hi-

I'm planning a migration of Windows and Mac OS clients from our on-prem GP gateways to Prisma Access. I had planned on making use of registry and plist settings, specifically 'portal' and 'prelogon,' to force the GP client to connect to the Pri

Global Protect Portal Client Certificate Authentication - Cert not found

I am trying to setup Global Protect Portal authentication using Client Certificate Authentication instead of radius. I generated CA and self signed cert on the palo. Configured Client Cert profile and attached it to Portal -> Authentication (removed

Global Protect sole credential provider for Smart Cards

For weeks, we have been testing combinations of attempting to go passwordless via the use of Smart Cards.  The reason being is that Smart Cards work with all the technologies we have and Global Protect supports PIN SSO with Smart Cards for a seamless

Global Protect and another VPN Client

Hello to everyone,

In my environment, the GP is set as always on and it works properly. The problem is that some clients have started demanding that we access them through the VPN client they provide us with.
I know there is an option to allow the user

mac users gp authentication issue

Hello Team,

All of the mac users are getting authentication issue errors on their screen and unable to enter the credentials. The pop window is blank.

Kindly find the gp logs below:

P41029-T12039 Oct 11 13:52:35:203760 Debug(2142): ----portal pro

GlobalProtect -Select Certificate Error?

Hello, I'm a help desktop tech. I have a user who is asking why he is receiving this error message. I'm not sure myself, can someone explain it to me. Thank you

need specific endpoint exceptions after applying signature based global blocking.

Hi Team,

we have blocked a couple of malicious files globally with signature-based by creating a group policy. we need to give exceptions for some of the endpoints. for example, we are blocking team viewer, what 'app, and VLC player in globally wit

Global Protect keychain prompt on M1 Mac.

With the new M1 macs, Global protect is just looping requesting for keychain Access. This is with Cert based Authentication and seems to be limited to only doing it on the newer M1 macs. 

Client version: 5.12

Tired the steps in this article with no

Authentication Radius doesn't work after upgrade firmware to 10.2.2

Hi everyone,

on PA-220 I've update firmware version from 10.1.5h1 to 10.2.2.

We have globalprotect work with Radius Authentication with protocol PEAP-MSCHAPv2.

After the upgrade it doesn't work anymore. (it works with other protocol, like PAP).

Certifi

GP 6.1 for Mac not prompting for domain login unless GP 5.10 was previously installed

To start with a little history.  Our fleet was all Monterey and running GP 5.10.  As we prepared for Ventura, we first pushed out GP 6.1 to the Monterey systems.  Then they upgrade to Ventura and everything has been fine.  That is for pre-existing ma