This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Resolved! Problems with pre-logon with machine certificate

Hi! We have problems with a customer that uses GP and pre-logon with machine certificate. It works for a couple of days, GP connects when you start your computer and works as intended. But stops working after a while. I can see these entries in the logs, the application seems to have som problems with the machine certificate: P13676-T145...

Need Guidance on Updating Google SAML Cert

We're using Google SAML for our GP 2FA, and the certificate is nearing its expiration date. I'm looking for guidance on how to go about updating the cert. Discover a world of modified WhatsApp experiences with GBGenie. We specialize in providing a curated selection of WhatsApp mods and modded apps, packed with unique features and functionalities...

jessalex by L0 Member
  • 1185 Views
  • 1 replies
  • 0 Likes

"Issued terminate to UI but still running."

Anyone know what could be going on here: > /opt/paloaltonetworks/globalprotect/globalprotect launch-ui --recoverQuit the application by signal(15).Issued terminate to UI but still running.Either try terminating UI again or continue to launch.Do you want to continue(y/n)? Using --recover because without it, the launch-ui command returns noth...

flemingr by L0 Member
  • 1039 Views
  • 1 replies
  • 0 Likes

Using Hash to Bring over User VPN Passwords

Hello Everyone, I am setting up a new PA460 and have a decent amount of users I set up. I have all the users set up and gave them new passwords. I was wondering, (on my current device) if I take the Password Hash from the user section in the Firewall's config using Notepad++, couldn't I simply copy the hash and paste that in as a hash for the ...

GlobalProtect Multi Factor Authentication

I'm in the process of setting up GlobalProtect for the first time. I have two authentication methods set up for the portal, ldap and radius. My understanding is that with this configuration both authentication methods must succeed in order for the login to be successful, however that is not the case. Whichever authentication method listed fir...

DEBARJD by L0 Member
  • 1291 Views
  • 1 replies
  • 0 Likes

Discussions

Hi Team, Good day to you, We have one customer he is facing issue with After connecting global protect unable to access internal lan server (RDP he is trying to acess) . he is created one policy (remote access to LAN ) once i checked traffic logs is was hitting correct policy only . I tried to add in application also (ms rdp) but still no lu...

Updating Google SAML Cert

We use Google SAML for our GP 2FA and the cert is getting ready to expire. I am needing some direction on updating the cert. For other products all I usually need to do in import the meta data and change the cert on the google admin side. I am not seeing this or am I just missing something. I have down loaded the new cert and the meta data trie...

mbritt by L1 Bithead
  • 1317 Views
  • 0 replies
  • 0 Likes

GlobalProtect Issues with Hotspot Users

Two different users reported problems when connecting to GlobalProtect when using an iPhone as a hotspot. The users can connect to GP, but are then unable to use HTTPS or ssh to connect to internal assets via the VPN. If the user uses the same laptop and connects via wifi (not using hotspot), GP works fine. Tests with several other users usin...

peppywoll_0-1610157455136.png

using Azure SSO for GP fails when password change dialog must be shown to user

Useing Azure SSO with Global Protect and MFA for sign in, there comes times when users must authenticate however their password must be changed, say on first login, or after X days etc. The page that displays the login etc seems to not be able to redirect to that change password dialog, and does not give the user any indication of what is wrong....

Using PAN as a DHCP Server - MAC Addresses are Case Sensitive

Hi everyone, I'm having an issue trying to tell our account representative that PAN should treat upper-case or lower-case (or even mixed) MAC addresses as one entry. I say this because I had an entry in our PAN DHCP Server all in lower-case (entered manually); later, I copied a MAC address into the system was wondering why the device didn't p...

Using pre-logon user with client certificates, how to force global protect to select a particular certificate and not prompt user?

The issue is that we are about to replace our Issuing Intermediate Root Certificate (IIRC) in our PKI chain with a new one due to expiration on December 15th. Right now we configure laptops we sent out to remote users with the special registry key settings in GlobalProtect to allow the "pre-logon" user, and to pre-define a specific portal to use...

[RFC5746] issue with ssl decryption: openssl3.0 unsafe legacy renegotiation disabled

Since I upgraded to the lastest fedora, all of my python/ansible script failed when they are decrypted by our palo alto ssl outbound policy. After some diging, fedora 35 was using openssl 1.1.1 and fedora 36 switched to openssl 3.0: https://fedoraproject.org/wiki/Changes/OpenSSL3.0 On the openssl 3.0 changelog, we can find this: OPENSSL chan...

Global Protect SAML Azure timeout

Hi, I have Global Protect setup to run authentication against Azure SAML. The users login with their credentials and are prompted with their MFA. The thing is that there seems to be a timeout timer for this in Global Protect? I tested that if the user logs in within about 30secs with user and MFA, everything works great. If it takes longer, ...

Internal host detection issue

Hello, Current setup is a 440 running 10.1.10-h2. Global Protect version is 6.1.2 I have double and triple checked that it's not a reverse dns issue, following this article: GlobalProtect app fails to detect Internal Network with Interna... - Knowledge Base - Palo Alto Networks global protect tries to connect internally to the vpn it fails wi...

MNoble by L2 Linker
  • 3679 Views
  • 4 replies
  • 0 Likes

Globalprotect: Always on doesn't always work after comming out of standby requires refresh.

Hi, I have a couple of question about Global Protect Always on. At this moment my portal and gateway are using SAML authentication and my client is set to Always On and Internal portal detection. 1. What is best practice around authentication cookie override and SAML auth. Am I correct that the process for the cookies is to ...

zGomez by L3 Networker
  • 1262 Views
  • 0 replies
  • 0 Likes
  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks