GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

GlobalProtect integrated login

Hello, We currently have GlobalProtect setup with always-on, with certificate logon and credentials (via RADIUS via AD). Right everything is working as designed. We have a desire to remove the manual login once globalprotect launches in the user session (so one logon; just Windows). How do we enable GlobalProtect to automatically logon while usi...

mrt3385 by L0 Member
  • 2044 Views
  • 2 replies
  • 0 Likes

Launching Global Protect from Microsoft myapps portal

We currently have our palo firewalls tied to Azure SAML for our vpn users. These users multi factor authenticate through azure. When clicking global protect from the taskbar, it opens and users are able to connect. What I would like to do is point users to the myapps.microsoft.com portal, show the palo app, users click this app and it launches t...

Does a new Split Tunnel require client restart?

We are implementing a split tunnel to separate 365 traffic. Once we configure the Split Tunnel, will the user be required to restart either the client or the PC? before this becomes effective, or should this be an automatic process... If so... how long before it kicks in ?

dgray1 by L0 Member
  • 2278 Views
  • 2 replies
  • 0 Likes

split tunneling

I am trying to get global protect gateways set up on two PA-850s. Cant seem to get split tunneling right. wondering if i need licensing. the description for licensing states that it is needed for split tunnleing by domain, but not for doing it by IP address, which is what i am doing. anyone know if i need the licensing?

Resolved! Palo Azure SAML issue

Our AD forest is yz.abc.com We have GP working with LDAP but user has to enter creds as yz\user For the SAML profile it only configured for test portal authentication separately, no agent configuration done yet. When I access portal in browser i get this error although SAML profile allows all users SAML SSO authentication failed for user \'use...

image.png
image.png
image.png
image.png
raji_toor by L4 Transporter
  • 4085 Views
  • 1 replies
  • 0 Likes

GlobalProtect Authentication Override

Been using Radius auth to portal with auth override to gateway for years but seems to now be playing up... Gateway is requesting radius auth and ignoring override settings. This is the same issue on both Windoze and IOS. PA 3020 9.1.14 We have no custom checks, just Radius auth (which is working fine) Many thanks in advance...

Resolved! pre-logon - not seeing "pre-logon" user in traffic logs / 0 hits on pre-logon policy rules

I'm testing out pre-logon always on VPN with a pretty basic setup. My pre-logon tunnel is coming up and seems to work fine, however I am not seeing any hits on a permit any/any security policy rule that has the source users set to "pre-logon". Nothing in the traffic log either, just shows a blank user for traffic prior to successful user auth. U...

Assigning a static IP to a Global Protect user

Is there a way to assign a static IP to a global protect user? I have a couple security policies that specify userids in the source, but the policies are not getting picked up. They are dropping to the default deny. I verified that the userid shown on the traffic monitor matches the rule, but it is not working. I was thinking that if I 'assi...

Global Protect HIP check severity numbers (Windows)

The Global Protect documentation for severity numbers is a little incomplete. I opened a TAC case and got the full breakdown and wanted to document it. Severity Value Rating-2 (PATCHMANAGEMENTAGENT_SEVERITY_NOTAVAILABLE) -> not available-1 (PATCHMANAGEMENTAGENT_SEVERITY_UNKNOWN) -> unkno...

staustin by L2 Linker
  • 3133 Views
  • 1 replies
  • 2 Likes

GlobalProtect "Connect Before Logon" not working with Duo SSO

We recently implemented Duo Multi-Factor Authentication (MFA) and have configured GlobalProtect to use Duo's SSO service (which in turn Duo uses Azure AD for authenticating the user). We are using SAML for authentication, so when the user clicks 'Connect', GlobalProtect does the portal connection first and is told by the Palo Alto to open it's...

jrauman by L2 Linker
  • 6121 Views
  • 1 replies
  • 1 Likes

Force GlobalProtect Portal refresh of connected clients?

Is there a way to force the refresh of the portal agent config on connected clients? We have multiple portals and multiple gateways for VPN load distribution and fail-over capabilities. When developing/testing changes to the GP VPN I will often take a gateway out of rotation by deleting it from the portal external gateway config. The following d...

GlobalProtect SAML Not working

Hi We have recently deployed SAML authentication on our existing GP environment and this is working fine on most devices. Currently we are in a migration phase, which means only that the gateway is using SAML and the portal is still using on prem AD credentials (not saml). A few users experience the following behaviour: when logging into their...

  • 1675 Posts
  • 68 Subscriptions
Top Solution Authors
Labels