This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Resolved! Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)

Hi, Has anyone running the client version of GP successfully mittigated the Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater) for the GP portals? I have only found ways to disable DHE for clientless GP configuration. We are running PANOS 10.1.10 h1 but it seems like DHE is supported on all PANOS version even though it ...

How can i apply different HIP Policy for external users?

Hello Dear Community, I have 2 SSL VPN rules assigned to my username in Palo Alto firewall. For testing purposes, I added a HIP profile to only one of them. The device I tested does not comply with the HIP profile. The VPN connection is notifyed as failed. The rule to which I applied the HIP Profile is not working because the computer I'm using ...

Global Protect client connected an able to send traffic but not replying when traffic is initiated in the Datacenter side

Hi, I am having a problem where random global protect clients are connecting and are able to send traffic through the tunnel to the Data Center when traffic is initiated in the client workstation. However if we try to RDP or send any traffic to the connected VPN client initiated from the Data Center side, we are seeing in the capture that traffi...

VPN Login Failures

Hi, I received two kinds of events when I tried to connect VPN. Which event I can consider as a threat. I have excluded the username pre-logon from monitoring but for the destination 0.0.0.0 is receiving. Why destination IP show 0.0.0.0? Can I ignore it? Destination IP as 0.0.0.0 <14>Aug 31 10:00:24 PA-FW1 1,2023/08/31 10:00:24,0163...

Global Protect HIP issues with Jamf Agent

Hi All I am having difficulties with HIP testing from Global protect to detect for Jamf Pro on Macintosh devices. We use the Cloud based Jamf Pro and the only options for HIP Objects for this is either for a plist or Process. Plist is out of the question (Unless someone can hopefully prove me wrong) and the issue with the process that the binary...

Exclude a Application behind Clientless VPN from decryption

Hi all, I am currently facing the problem of publishing an internal web application via GlobalProtect Portal and Clientless VPN. The principle is already used by us and works very well so far. However, this one particular application has a property that makes SSL decryption impossible. With "normal" SSL decryption, you can either set a no-de...

Resolved! Global Protect Not working MacOs Ventura

I use Macbook Pro 14 Inc M1 Pro with MacOS Ventura (13). Running PAN OS 10.2.3 and Global Protect But my global protect not working with this issue P1772-T26627 11/01/2022 07:47:44:451 Error( 80): CPanSocket::Connect - Failed to connect to server at port:4767P1772-T26627 11/01/2022 07:47:44:451 Error( 241): Cannot connect to service, error: 61...

Global Protect HIP Testing with Fortinac / Bradford - Macintosh PC's

Hi All I am having difficulties with HIP testing from Global protect to detect for NAC Persistent agent (formally called Bradford agent) on Macs. I have put in a process in the HIP object to look for /Library/Application Support/Bradford Networks/Persistent Agent/CSA.app but this is not being detected, The other option is to use Plist but once a...

GlobalProtect for iOS and Intune data attributes

Hello everyone! I'm currently working on setting up GlobalProtect and having it send appropriate HIP data to the firewall. I got Windows devices working pretty well, but I'm struggling with iOS devices that are managed by Intune According to https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/mobile-endpoint-management/mob...

Globalprotect tries to connect then goes back to 'Connect' button

Having one computer that has issues with the GP client. I have tried GP version 4.8, 5.2, and 6.1 and various means of having them update or refusing to update etc. I have restarted the computer, uninstalled and deleted app data and Program Files folders. Removed every trace of registry entries. Etc etc This single computer just will not conn...

Cannot connect to Global Protect

I have founded some error when connect to Global Protect. 'the network connection is unreachable or the gateway is unresponsive. check the network connection and reconnect' I can connect to the internet and another user setting same network can connect to Global Protect. OS of PC is window11 and I have TrendMicro security agent software and anot...

Apple Mac OS X Ventura 13.5.0 + GlobalProtect App 62.0-89 + SAML authentication

I am authentication through a SAML redirect to Azure and it works perfect with windows users but get this blank pop-up issue when Mac users try to VPN in. I have tried the following advice below with the same results. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PP33CAG Use Default Browser for SAML Authentication - Y...

  • 2077 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks