This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

globalprotect Client certificate with OID requesting users to select their certificate

I recently configured my globalprotect agent to look for a machine certificate including a specific OID to avoid a confusing selection process on devices with multiple client certificates signed by the same CA. Our original configuration started requesting users to select which certificate to use. I wanted to avoid this confusion by including an...

GP with MFA on AD backend

Hi All, need verification please.. looking to implement GP for a client with user-id and MFA. The PA FWs are Azure based same for the AD servers and will use ldap to connect to AD from FWs. The AD has MFA integrated already. so the question is do i need to do anything different on the PA GP config for this to work or straight forward user auth...

Ants by L1 Bithead
  • 873 Views
  • 0 replies
  • 0 Likes

Global Protect issues on few Win10 machines

Hi Guys, already have raised support ticket but no reply for few days, so trying to get some info here. I have seen couple of threads but not sure they are related to issue we have with these few Win10 laptops. We have Palo VM on 10.0.6 OS and GP is 5.2.10-6 .We have few users having problem with GP. From what we can see, is affecting only Win1...

GlobalProtect windows store app - how to???

hi all, new to the palo alto world, however i cannot seem to find info on setting up globalprotect to use the windows store version of the GP app. I've ot the subscription licence applied to my firewall and went throuhg the pocess of creating a clientless vpn connection to no avail.if i use the globalprotect client that i download that works fin...

Resolved! Global Protect Region based connection

Hi Team, We have a requirement to configure the Global Protect as below. > We have 3 locations to connect to. Users should connect to one of these 3 locations based on their nearby location. If User 1 is near to GW3 then he should connect to GW3. If GW3 is not available, then the next nearest location should be connected automatically. Is th...

Migrate GP users from on-prem to Prisma Access gateways

Hi- I'm planning a migration of Windows and Mac OS clients from our on-prem GP gateways to Prisma Access. I had planned on making use of registry and plist settings, specifically 'portal' and 'prelogon,' to force the GP client to connect to the Prisma portal on next restart, but that doesn't seem to be getting the job done. I haven't tried rem...

Global Protect Portal Client Certificate Authentication - Cert not found

I am trying to setup Global Protect Portal authentication using Client Certificate Authentication instead of radius. I generated CA and self signed cert on the palo. Configured Client Cert profile and attached it to Portal -> Authentication (removed Radius auth) and selected Client Cert profile. Also downloaded and installed the Cert and root...

Global Protect sole credential provider for Smart Cards

For weeks, we have been testing combinations of attempting to go passwordless via the use of Smart Cards. The reason being is that Smart Cards work with all the technologies we have and Global Protect supports PIN SSO with Smart Cards for a seamless sign in. There is an unfortunate side effect with the Global Protect Windows Credential Provid...

jaltmann by L1 Bithead
  • 1918 Views
  • 0 replies
  • 0 Likes

Global Protect and another VPN Client

Hello to everyone,In my environment, the GP is set as always on and it works properly. The problem is that some clients have started demanding that we access them through the VPN client they provide us with.I know there is an option to allow the user to disable GP but I would like to avoid that.Has anyone encountered a similar requirement or is ...

mac users gp authentication issue

Hello Team, All of the mac users are getting authentication issue errors on their screen and unable to enter the credentials. The pop window is blank. Kindly find the gp logs below: P41029-T12039 Oct 11 13:52:35:203760 Debug(2142): ----portal processing starts----P41029-T12039 Oct 11 13:52:35:203764 Debug(2164): User profile type is 0(not ro...

need specific endpoint exceptions after applying signature based global blocking.

Hi Team, we have blocked a couple of malicious files globally with signature-based by creating a group policy. we need to give exceptions for some of the endpoints. for example, we are blocking team viewer, what 'app, and VLC player in globally with signature id by using Json script. here we need to give exceptions saying that one user needs t...

Global Protect keychain prompt on M1 Mac.

With the new M1 macs, Global protect is just looping requesting for keychain Access. This is with Cert based Authentication and seems to be limited to only doing it on the newer M1 macs. Client version: 5.12 Tired the steps in this article with no success. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkECAS

phodge by L0 Member
  • 1269 Views
  • 0 replies
  • 0 Likes

Authentication Radius doesn't work after upgrade firmware to 10.2.2

Hi everyone, on PA-220 I've update firmware version from 10.1.5h1 to 10.2.2.We have globalprotect work with Radius Authentication with protocol PEAP-MSCHAPv2.After the upgrade it doesn't work anymore. (it works with other protocol, like PAP). Certificates are ok, nothing changed.We've already tried to change radius server without success.This is...

GP 6.1 for Mac not prompting for domain login unless GP 5.10 was previously installed

To start with a little history. Our fleet was all Monterey and running GP 5.10. As we prepared for Ventura, we first pushed out GP 6.1 to the Monterey systems. Then they upgrade to Ventura and everything has been fine. That is for pre-existing machines. Here is where we are struggling. On new devices with Ventura installed, we are trying ...

Slappy by L0 Member
  • 1453 Views
  • 0 replies
  • 0 Likes
  • 2062 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks