This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Global Protect cert based authentication.

I've got a machine certificate for pre-logon, and that seems to work great, I can see that I am connected to my VPN from the login screen. But what I have noticed is that when I log into Windows, my username ends up being 'first_name last_name', which is not our actual user naming scheme. I couldn't figure out where it was pulling that from, b...

buck1 by L1 Bithead
  • 1301 Views
  • 1 replies
  • 0 Likes

GlobalProtect authentication behaviour when Encrypt/Decrypt cookie for authentication override expires

Hello. I am looking for some enlightenment as to what happens or should happen when the certificate used to encrypt/decrypt the authentication cookie presented by the GP Portal expires. My assumption based on real world experience shows users are still presented with the cookie using the expired cert regardless. It would be interesting to ...

GlobalPortect Pre-logon (Always On) with certificate authentication only

Hi There Does anybody know, if it's possible to configure GlobalProtect to use a machine certificate for the pre-logon authentication and just a user certificate for the user authentication? For me it looks like, that this won't work. As soon as I am adding a authentication profile like LDAPS to the portal and gateway, the GP agent is able to au...

Global Protect still prompting users to downgrade from 6.x to 5.x (macOS)

Hi. We've had multiple employees complain of being prompted to downgrade from one incremental version of 5 to another and I had assumed that the prompts would stop once everyone upgraded to version 6, but they are still getting the prompts. We are all Mac users. I saw a post from 2018 about navigating through the portal and disabling that option...

Resolved! Global Protect Drops Connection Easily

I observe that Global Protect drops connections while other apps are not. What thresholds need to be exceeded for Global Protect to give up and drop? I would like to consider how to improve network or end point factors to limit the frequency of Global Protect failiures.

Resolved! Traversing Site-To-Site Tunnel via GlobalProtect

Hi everyone, See if you can give me some insight here as I've exhausted all my options. Scenario I have a client who has two branch offices, each one with a PA-440 installed. Both these PAs are linked together via IPSec tunnel. I can confirm that between both these LAN subnets, there is harmonious communication. At the same time, I have crea...

GP MFA Authentication Notifications Non-browser-based applications

Hi, I try to configure a MFA notification, so the GP app will trigger a pop up message to authenticate with a radius server. Here the config guide: https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-user-authentication/configure-globalprotect-to-facilitate-multi-factor-authentication-notifications The authen...

Global Protect using Duo v2 Multi Factor Authentication profile

Hello, I configured everything concering Global Protect and Duo MFA. But I get those errors: This is for Captive Portal Authentication This is for Global Protect Authentication: I used for Portal and Gw of GP same CA self-signed cert (it is valid) and for DUO-Profile I am using Duo Root and Intermidiate certs found on the url of the appl...

bgd_gl_0-1690547872527.png
bgd_gl_1-1690547924217.png
bgd_gl by L0 Member
  • 1166 Views
  • 0 replies
  • 0 Likes

Incorrect Graphic used in Global Protect credential provider tile on Windows 10 - 6.2 Client

We are piloting pre-logon with our Prisma Access instance. Recently, we upgraded GlobalProtect from 5.2.x to 6.2.0-89 and noticed that the Global Protect credential provider tile is not the familiar globe, instead its the same graphic that is used for Smartcards. We did not have this problem with the 5.2.x client. It seems that the problem is un...

Unable to upgrade GP on macos

Trying to upgrade GP to 6.0.5 from 6.0.4-26. Running macOS 13.4.1 (c). I've read the release notes, tried changing some system settings, Googled, and I'm not having any luck. Any guidance would be appreciated. See attached screenshot. TIA

Problem with Certificate install on Apple Silicon Laptops and the workaround I found.

Good Morning Folks, I've run into an interesting issue. My ISP forced a change to the static IP for one of my sites with a PA-220 running 10.2.3-h2. This resulted in changes to both my public IP and my GP portal IP. When I finished changing them, traffic was flowing, my site to site VPN tunnels were happy, and I tested GP portal on My Windows...

Global Protect - Display Issue

Hi there, I have a user who's getting this really weird display issue with Global Protect - screenshot attached. Troubleshooting attempted: - uninstall, re-install - ran app in compatibility mode - adjusted display settings Windows applies to app User advised it's an intermittent issue, sometimes restarting the service works, sometimes res...

A global protect connected client machine access a resource(behind Cisco router) that is connected to the host PA 800 Firewall via IPsec

Hello Everyone,I have a Palo Alto 820 Firewall locally and it has been licensed and configured with global protect for the remote mobility of our users. And It also has a Site-to-Site IPsec connectivity to a remote location of a different organization and the remote end of that organization has a Cisco router to configure the IPsec. There are ex...

  • 2062 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks