GlobalProtect Discussions

Windows 11 22H2 device guard Radius MS-CHAPv2

Hi,

The newly released Windows client update 22H2 enables device guard by default which will block MS-CHAPv2 for radius authentication use.

We currently use this for our GP configuration since radius auth supports users changing expired passwords v

02322099

Hi Team,

We have a scheduled session with client at1.00 pm IST for the case 02322099. but end of the moment TAC engineer is informing us to reschedule the session. as this is a scheduled session we can't reschedule it kindly align another engineer

Allow User to Uninstall GlobalProtect App option for MAC

Hello guys,

The customer wants to restrict users from deleting GlobalProtect.

As shown in the figure below, I can configure it so that it cannot be uninstalled for the window user, but I cannot find the relevant setting for MAC.



Does anyone know a

Global Protect - Connect before logon Questions

Good Afternoon, 

I have two requirements that I am trying to meet with Global Protect:

1. Pre-logon for a new or existing remote user that has never logged onto a new pc. I set this up and it seems to be working fine and smoothly transitions the

Reset windows10 password without connecting on-prem domain controller

Is updated password will sync to device, without connecting on-prem domain controller. 

Global protect client upgrade issue

When Global protect client upgraded from 5.2.10 to 5.2.12 for MacBook,  global protect clients enter cycled installation. Automatically disconnect ssl vpn--->prompt to upgrade---》automatically exit global protect client--〉open global protect client--

Global Protect Virtual Adapter not set up correctly due to a delay, then gateway unreachable

Hi everyone,

Running into this issue, I saw solutions in past threads like this one.
https://live.paloaltonetworks.com/t5/globalprotect-discussions/the-virtual-adapter-was-not-set-up-correctly-due-to-a-delay/td-p/382464
This did not resolve the issue f

Force GlobalProtect Portal refresh of connected clients?

Is there a way to force the refresh of the portal agent config on connected clients? We have multiple portals and multiple gateways for VPN load distribution and fail-over capabilities. When developing/testing changes to the GP VPN I will often take

After upgrade PANOS from 10.0.6 to 10.2.2 source username showing as different format.

Hi,

Need help on below.

After upgrade PANOS from 10.0.6 to 10.2.2 source username showing as different format. bellow is the screen shot from log for reference

On above log discovery\mole... is the correct format and molemo2 is different format.

G

getting multiple DNS entry on DNS server who are connected to global protect client

getting multiple DNS entry(home networks and other interfaces as well) on DNS server who are connected to global protect client

GlobalProtect SAML Not working

Hi

We have recently deployed SAML authentication on our existing GP environment and this is working fine on most devices. Currently we are in a migration phase, which means only that the gateway is using SAML and the portal is still using on prem A

Gobalprotect error : Cannot decrypt cookie in MAC

Hello guys,

Customer is currently using the GlobalProtect authentication method linked to Okta SAML in the prism access.

The authentication worked well until yesterday, but it does not work as shown in the attached screenshot from today.

Str

GlobalProtect unable to connect. TLS issue

Hi all,

I just wanted to share something with you all. We are rolling our GlobalProtect to all our users and we came across the following issue with some users.

1.Users can not connect via GlobalProtect or even connect to the web portal.

2. Users a

Message an error has occurred in the script on this page when trying to connect to GlobalProtect

Hello team

When connecting to GlobalProtect VPN for Windows we detect this error "an error has occurred in the script on this page"

We have tried to perform 

1. Clear your Internet cache.
   1. Open the Start menu and search for Control Panel.
   2. Open the Control

GlobalProtect GW redundancy and preemption

Does anyone know if GW preemption can be achieved with GlobalProtect Agent?

Meaning, that we use primary and secondary GW, whereas secondary GW should be used only in case primary is not reachable.

So far, the failover to secondary GW works perfectly