Migrate GP users from on-prem to Prisma Access gateways

Hi-

I'm planning a migration of Windows and Mac OS clients from our on-prem GP gateways to Prisma Access. I had planned on making use of registry and plist settings, specifically 'portal' and 'prelogon,' to force the GP client to connect to the Pri

Global Protect Portal Client Certificate Authentication - Cert not found

I am trying to setup Global Protect Portal authentication using Client Certificate Authentication instead of radius. I generated CA and self signed cert on the palo. Configured Client Cert profile and attached it to Portal -> Authentication (removed

Global Protect sole credential provider for Smart Cards

For weeks, we have been testing combinations of attempting to go passwordless via the use of Smart Cards.  The reason being is that Smart Cards work with all the technologies we have and Global Protect supports PIN SSO with Smart Cards for a seamless

Global Protect and another VPN Client

Hello to everyone,

In my environment, the GP is set as always on and it works properly. The problem is that some clients have started demanding that we access them through the VPN client they provide us with.
I know there is an option to allow the user

mac users gp authentication issue

Hello Team,

All of the mac users are getting authentication issue errors on their screen and unable to enter the credentials. The pop window is blank.

Kindly find the gp logs below:

P41029-T12039 Oct 11 13:52:35:203760 Debug(2142): ----portal pro

GlobalProtect -Select Certificate Error?

Hello, I'm a help desktop tech. I have a user who is asking why he is receiving this error message. I'm not sure myself, can someone explain it to me. Thank you

need specific endpoint exceptions after applying signature based global blocking.

Hi Team,

we have blocked a couple of malicious files globally with signature-based by creating a group policy. we need to give exceptions for some of the endpoints. for example, we are blocking team viewer, what 'app, and VLC player in globally wit

Global Protect keychain prompt on M1 Mac.

With the new M1 macs, Global protect is just looping requesting for keychain Access. This is with Cert based Authentication and seems to be limited to only doing it on the newer M1 macs. 

Client version: 5.12

Tired the steps in this article with no

Authentication Radius doesn't work after upgrade firmware to 10.2.2

Hi everyone,

on PA-220 I've update firmware version from 10.1.5h1 to 10.2.2.

We have globalprotect work with Radius Authentication with protocol PEAP-MSCHAPv2.

After the upgrade it doesn't work anymore. (it works with other protocol, like PAP).

Certifi

GP 6.1 for Mac not prompting for domain login unless GP 5.10 was previously installed

To start with a little history.  Our fleet was all Monterey and running GP 5.10.  As we prepared for Ventura, we first pushed out GP 6.1 to the Monterey systems.  Then they upgrade to Ventura and everything has been fine.  That is for pre-existing ma

Global Protect Always On VPN Pre-Logon

Hi

Running into issue with prelogon not working properly. I have pretty much mirrored the configuration from this KB - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEYCA0

Scenrio - when Laptop is connected to On prem

GPS Packet capture

Hi Guys,

Just noticed that PanGPS debug is starting to capture packets that are detected by the external monitoring agent.

I m wondering why it happens or if this is a native behavior. How do I go about stopping it? Is this even normal?

Not all the e

Globalprotect login rate

Anyone know where to look for the GP login rate? For example, how many users are logging on per sec, min, hour, day?

global protect not connecting internally

Hello,

As one of our customers wants to connect the global protect from the local network.

the week before customers can able to connect global protect globally and locally. but now not able to connect global protect from local network getting error a