GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Resolved! Global Protect SAML: authentication works fails on matching client config not found. Group not matching.

Hi, I am trying to configure GlobalProtect to use SAML authentication for the portal and gateway. The authentication seems to work, but I am not getting a valid client config when I use groups in allow list. I am sure it is related to group mapping and user ID but don't know where exactly it is going wrong. I have the following conf...

zGomez by L3 Networker

Resolved! HIP profile is not working with WAN rule

Hello valued community, unfortunately, I am still seeking answers for my issue. I have an HIP profile that works when defined as an example for someone establishing a VPN connection using RDP. However, I am unable to achieve results when applied to a WAN rule. Precisely, what I want to achieve is this: If it doesn't meet the conditions specified...

Resolved! VPN user not allowed to gain access

Has anyone dealt with an issue where a VPN user is out of the country and cannot gain access? They are prompted to log in, but it just continues to spin. In the GlobalProtect logs, it's saying 'success' through the portal, but not through the gateway.

How to Update the SAML Certificate When Integrated with Azure AD and SAML

Hello, I’m using Azure AD as the Identity Provider (IdP) and GlobalProtect as the Service Provider (SP) for SSO. I’m having difficulty updating the SAML certificate. I’ve followed these steps: 1. Issued a new SAML certificate in Azure AD. 2. Imported this new certificate into GlobalProtect. 3. Activated the new Azure AD SAML certificate in GlobalP...

taro1021 by L0 Member

GlobalProtect Random disconnects

Hello, has anyone else had issues with random GP disconnections recently (May/June/July 2021) on GP versions 5.0.x and 5.2.x? It started around one month ago throughout the whole company and we haven't been able to figure out what's going on till now. There are no preceding events logged in the GP debug or dump level trace that would point to an ...

Resolved! Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)

Hi, has anyone running the client version of GP successfully mitigated the Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater) for the GP portals? I have only found ways to disable DHE for clientless GP configuration. We are running PANOS 10.1.10 h1 but it seems like DHE is supported on all PANOS versions even though it ...

How can I apply different HIP Policy for external users?

Hello Dear Community, I have 2 SSL VPN rules assigned to my username in Palo Alto firewall. For testing purposes, I added a HIP profile to only one of them. The device I tested does not comply with the HIP profile. The VPN connection is notified as failed. The rule to which I applied the HIP Profile is not working because the computer I'm using ...

Global Protect client connected and able to send traffic but not replying when traffic is initiated in the Datacenter side

Hi, I am having a problem where random global protect clients are connecting and are able to send traffic through the tunnel to the Data Center when traffic is initiated in the client workstation. However if we try to RDP or send any traffic to the connected VPN client initiated from the Data Center side, we are seeing in the capture that traffi...

VPN Login Failures

Hi, I received two kinds of events when I tried to connect VPN. Which event can I consider as a threat? I have excluded the username pre-logon from monitoring but for the destination 0.0.0.0 is receiving. Why does the destination IP show 0.0.0.0? Can I ignore it? Destination IP as 0.0.0.0 <14>Aug 31 10:00:24 PA-FW1 1,2023/08/31 10:00:24,0163...

Global Protect HIP issues with Jamf Agent

Hi All, I am having difficulties with HIP testing from Global Protect to detect for Jamf Pro on Macintosh devices. We use the cloud-based Jamf Pro and the only options for HIP Objects for this is either for a plist or Process. Plist is out of the question (unless someone can hopefully prove me wrong) and the issue with the process that the binary...

Exclude an Application behind Clientless VPN from decryption

Hi all, I am currently facing the problem of publishing an internal web application via GlobalProtect Portal and Clientless VPN. The principle is already used by us and works very well so far. However, this one particular application has a property that makes SSL decryption impossible. With "normal" SSL decryption, you can either set a no-de...

Resolved! Global Protect Not working macOS Ventura

I use MacBook Pro 14 inch M1 Pro with macOS Ventura (13). Running PAN OS 10.2.3 and Global Protect. But my Global Protect is not working, with this issue: P1772-T26627 11/01/2022 07:47:44:451 Error( 80): CPanSocket::Connect - Failed to connect to server at port:4767 P1772-T26627 11/01/2022 07:47:44:451 Error( 241): Cannot connect to service, error: 61...

Global Protect HIP Testing with Fortinac / Bradford - Macintosh PC's

Hi All, I am having difficulties with HIP testing from Global Protect to detect for NAC Persistent agent (formerly called Bradford agent) on Macs. I have put in a process in the HIP object to look for /Library/Application Support/Bradford Networks/Persistent Agent/CSA.app but this is not being detected. The other option is to use Plist but once a...
