When setting up a portal or gateway there is a place to configure authentication - say with LDAP or other.
What is the relationship between the portal and gateway from the perspective of authentication?
Obviously you'd want users to just log in once.
When I am trying to connect with VPN then its throwing below error and after that a blank popup for login window comes, earlier in the login popup it asks for username and password,
Using PanOS 9.1.10 and GP Client 5.2.8
We have Okta authentication set up and working on our GP portals, but a strange issue was causing failures for quite a while, and we couldn't figure it out even working with Palo Alto tech support for many days.
Hi!
An exciting start to the day - a security policy with a HIP profile ("compliant" - basically running an approved os) that previously worked fine, stopped working for a random selection of people and rapidly became less random and more universal.
...
https://publicIP/global-protect/getsoftwarepage.esp
This portal is available now publicly even without login. Anyone can access the portal without login and download the client.
Is it possible to restrict this page to login users only.
Our VPN users are complaining that after being connected for over 1 hour they get disconnected by global protect. They have to close global protect and reopen to connect back. We have remote customer service agents that get disconnected up to 4 to
...
Is it possible for PA local users to change their password themselves. Global protect VPN users needs to have option to change their password, rather than admin setting the password.
Hi Team
We have a GP portal vpn.example.com which is hosted on a physical NGFW where we use SAML for authentication.
Now we want to move it to cloud, hence we have to generate a new SAML for this portal IP with the FQDN vpn.example.com.
We want to use
...
Hi All,
We are having 3 ISP's and one GP Portal/Gateway pair configured on each of the ISP interface total of 3 GP Portal/Gateway on the single firewall all are accessed by FQDN name
We had bought 3 domain names from Go Daddy for all of our 3 ISP IP'
...
Hello,
We're currently implementing GlobalProtect with SAML Authentification to AzureAD only (no hybrid) based on groups for easier management.
Example :
Groupe1 is given an IP_Pool1 IP with access to subnet1
Groupe2 is given an IP_Pool2 IP with access
...
Hi All,
We are having two ISP connections and configured an GP Portal/Gateway on each ISP connections(Primary Portal/GW on ISP 1 and Secondary GP Portal/GW on ISP 2).
On firewall the ISP 1 is configured as default route and ISP 2 is configured as ba
...
Hi all
We have a load of small branch offices that terminate at our azure Palo Alto gateway over an IPsec tunnel (via a Draytek router). This all works and allows printing & RDP to onprem services. We also have the Global Protect gateway on the same P
...
Hello,
I'm working on excluding Zoom from GlobalProtect. I came across this article
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPDSCA4&lang=en_US%E2%80%A9
For windows, there is an error, instead of excluding %AppData%\R
...
Is there any simple way to clear GlobalProtect authentication cookies on an endpoint other than uninstalling the client, rebooting and reinstalling?
For troubleshooting some connection issues, I need to show what happens when the cookie doesn't exist
...
Hi Teams & Friends,
Hope you're good and safe !
We have configured GP VPN we have license for configuring HIP objects it was working as expected one of our new requirement was to kn
...
TomYoung
on:
Failed GlobalProtect login confusion
TomYoung
on:
Clientless VPN Portal Brute Forcing
TomYoung
on:
Unauthorized GP login attempts
TomYoung
on:
HIP profile is not working with WAN rule
