This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

RADIUS flows for Authenticating GP with username, password and OTP

Hello, I have a working GP configuration that uses client certificate, username and password for authentication, with the username and password validated using PEAP-MSCHAPv2 against a RADIUS server. I want to add an OTP challenge as described at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8ICAS, for the on demand ...

Global Protect and Microsoft Teams e911

Microsoft Teams e911 calling does not display the location when connected to Global Protect. We have split tunneled the Microsoft Teams subnets (i.e. 52.112.0.0/14, 52.122.0.0/15, 52.238.119.141/32, 52.244.160.207/32) as per the Microsoft 365 URLs and IP address ranges (https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-addre...

Packaging Global Protect

Have questions regarding packaging Global Protect for distribution to both Windows and Mac. Using MSI for Windows and pkg for Mac. 1. How do we create a package to distribute Global Protect that sets the Portal and forces it to use a specified browser (Windows - Edge and for Mac - Safari) and not use the default browser that is set up on the O...

Prevent users to add new portal in Gloabal Protect App

Hello Community Members, I am looking to restrict the users from adding any additional portal in the Global Protect App. I know there is an option in Agent configuration that restricts users not to change the portal but that will limit users to only connecting to one portal. We have multiple portals in our infra and we want users to give th...

Resolved! NGFW Global Protect 6.2.7 Global Counters Negotiation Error TLS 1.3 MAC-OS

Hello Livecommunity!I'm facing an error with the Global Protect Agent 6.2.7 when an Apple Mac OS X 15.3.1 Sequoia tries to establish an SSL VPN connection with the Global Protect Portal; We see the next error on the DP CLI pcap global counters:NGFW(active)> show counter global filter packet-filter yes delta yesssl_tls13_connection_error ...

DanielSRomero_0-1741003799243.png
DanielSRomero_3-1741004715515.png
DanielSRomero_1-1741003799236.png

Resolved! GP client update fails to download, DNS record needed

We're updating from 5.2.12 to 6.2.1. The transparent update only works when testing with a DNS entry in a local hosts file. I don't think we've had a DNS entry in the past for the portal, but it seems like it's needed now. The below article talks about this, but I want to understand which address needs to be resolved. Is it the loopback interf...

Resolved! Panorama managed - Global protect SAML cert renew - IDP xml import wrong expiry

Background : Panorama version 10.2.13-h5 PA460's : 10.2.13-h5 2x PA460 active/passive HA. Managed by Panorama (9 other firewalls as well, but they don't provide GP portal / config. - SAML cert expires Jan 10th 2026. - Followed MS instruction on creating a new cert within MS admin/entra/azure/whatever they call it today. - Firewalls did not li...

GlobalProtect VPN Client windows 11 crash

Hi, I am using GlobalProtect GlobalProtect App version 6.2.8-263. It is the latest version i could download from network. When i am using connectioni got bluescreen crash whch i can reasume to: Bugcheck code: 0x1E This is MODE_EXCEPTION_NOT_HANDLED, which means that a kernel-mode component threw an exception that was not handled. Excep...

PiotrH by L0 Member
  • 2124 Views
  • 1 replies
  • 0 Likes

Unable to connect VPN

Hi , I am using GP 6.2.8-183 and use radius server to get authentication. However, I signout from the GP and when i tried to connect VPN , it prompts invalid user name or password. It was working before i signedout from the existing VPN connection. Same was noticed a new user created last Friday. It there a way that that can be resolved?

Using Keycloak as idP

Has anyone succeeded in using Keycloak as idP with Globalprotect? We're having issues with the windows clients receiving "You are already logged in" while trying to log in, which also make the gp app hang. The GP app for macOS never experience this. We've also experienced with openconnect on Ubuntu (since Palo's own ubuntu GP app does not work a...

Anbjorn by L1 Bithead
  • 5026 Views
  • 3 replies
  • 0 Likes

Resolved! Use Auto-Tagging to block failed Global Protect login attempts

hi, we use SAML for our Global Protect Portal and Gateway Authentication, so all logins are automatically forwarded to our IdP and are being processed there. But for whatever reason we sometimes face Brute Force attacks on our portal, where all kinds of generic users are being tried to authenticate against the Portal: for my understanding this ...

1.png
Fluck by L1 Bithead
  • 20871 Views
  • 13 replies
  • 1 Likes

Working overseas - Unable to connect PaloAlto global protection VPN

I'm working overseas. If I use Wi-Fi, I have trouble connecting to the PaloAlto global protection VPN, but if I use a hotspot(my roaming cellphone - Mint mobile), I am able to connect to it.When I use Wi-Fi, the internet works, but I can’t access to my company shared folder because the VPN is not connected.I’ve tried several different Wi-Fi netw...

Kayyyy by L0 Member
  • 1278 Views
  • 1 replies
  • 0 Likes

Adding PA DR site globalprotect SSL-VPN gateway

Hello Team, Currently we are duscussing adding a DR site for our network. currently in the main datacenter we have globalprotect SSL-VPN configured. and now we are about to add a new PA-1410 in the DR site, and also configuring the Gateway for our employees. now we will have 2 portal IPs, the main and the DR one. Is there a way to ...

Unable to reach Palo Alto - Global Protect Portal.

Hey everyone,I’m currently deploying a GlobalProtect VPN on a Palo Alto VM-Series firewall running PAN-OS 10.2.16-h4 in AWS.Everything seems correctly configured according to the official GlobalProtect Admin Guide (portal, gateway, SSL/TLS certs, interfaces, routes, and security policies), but the portal is still unreachable via browser or Test-...

asamboni by L0 Member
  • 1892 Views
  • 1 replies
  • 0 Likes
  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks