MFA on PAN-OS Firewall (okta integrated) redirects on GP instead of browser for HTTP resources.

I have MFA deployed on the firewall ( okta integrated), based on implementation if user is accessing http/https based resources then redirect will happen in Browser however, for non-http applications MFA will prompt on GP client App,

Please note port

GlobalProtect Web Portal - Domain Validation Code (DVC) - /.well-known/pki-validation

Does anyone know how to go about performing domain validation for an IP address for the GlobalProtect Portal?

This is a standard supported by most Certificate providers but I can't find anything about it when searching Palo Alto's site.  With this

GlobalProtect session disconnected while I using remote session

Hi All,

I got issue that Global Protect session disconnected while I using remote session. As I understanding that I need to set setting "User Switch Tunnel Rename Timeout (sec)". Am I correct? if yet where can I set this setting and guide me please.

Users connected to on-prem GP gateways which are managed by Panorama

Hello - 

I have users that are connected to on-prem GP gateways which are managed by Panorama and I would like to have these on-prem GP users mapped to an Infoblox server.

Is there any way to do this?

GP 6.0.6 - Cookie expired only from mobile phone

Hi,

we have PA-850 and we deployed GP 6.0.7 for desktops and 6.0.6 version for mobile phones.

The authentication is based on SAML via Azure and every connection from desktops works flawlessly.

Recently we started receiving complaints from users that

Group Login condition Azure Groups

Hi,

We are using our on prem LDAP to fetch groups on the Palo. For GP authentication as well, we are using group in

1) GP Portal > Agent > Config Selection Criteria > User/User Group

2) GP Gateway > Agent > Client Settings > Config Selection Criteria

SAML cookies and global protect cookies

Hi,

If I am using SAML authentication on my portal and gateway what is the best practice around Authentication cookies override.

When using SAML my user will be prompted via the default browser 2 times ones for the portal and ones for the gateway.

upgrade Global Protect Client

We need to upgrade Global Protect Client from 5.2 to 6.2.7 ,

Is the direct upgrade would be possible or do we need to upgrade to any intermittent OS.

How to Update the SAML Certificate When Integrated with Azure AD and SAML.”

Hello,

I’m using Azure AD as the Identity Provider (IdP) and GlobalProtect as the Service Provider (SP) for SSO. I’m having difficulty updating the SAML certificate.

I’ve followed these steps:

1. Issued a new SAML certificate in Azure AD.
2. Imported

GlobalProtect Random disconnects

Hello,

Has anyone else have issues with random GP disconnections since recently (May/June/July 2021) on GP version 5.0.x and 5.2.x ? 

It started around one month ago throughout the whole company and we weren't able to figure out what's going on till no