GlobalProtect Discussions | Palo Alto Networks

GlobalProtect authentication with NPS Plugin to Azure MFA problems

Hi, We have configured GlobalProtect to use NPS Plugin to Azure MFA as primary authentication. The thing is that it only works every other time, when it doesn't work it says "Radius Timeout". Any ideas of what could be the problem? We have tried with both OTP and Push notifications in the Microsoft authenticator app but it's the same problems.

Globalprotect iOS connect and internet issue

Hello, sir Globalprotect is set up and in use, but there is a problem in iOS In Android, it is normally connected and the Internet is connected through the GP, but in iOS, it is connected, but the Internet is not available, and the log value is as follows 11/28/2022 14:11:59:145 [Info ]: GlobalProtect service started (client version: 6.0.4-8, ...

Internal/External Gateway User-id

Dear Guys, I try to configure my global protect portal to connect my clients through external or internal networks. I configure my agent with internal detection and external parameters. When i connect in the internal networks, the FW see me in the internal network but in the monitor tab i don't see the user-id with my private ip address. When i ...

Configure GlobalProtect Pre-Logon using SAML authentication with Azure MFA

Is there a knowledge article for how to configure GlobalProtect with SAML authentication and Azure MFA. Currently we authenticate using Radius with Azure MFA extension. Currently we have test configuration with GlobalProtect using SAML authentication but haven't worked out how to enforce Azure MFA.

How to re-prompt authentication login when intregate OKTA when user close window promt login

Hi Expert , I would like to know how to config GP to re-prompt authentication login when user close login prompt (We integrate OKTA) because we found when user close the GP will connecting alway not prompt again even through will refresh connection we must restart PAN GPS instead. Thank you

Need to configure Globalprotect for NSX-T north-south traffic.

Need to configure Globalprotect for NSX-T north-south traffic. Hi, I am looking for documentation of globalprotect VPN with NSX-T manager. Is this configuration possible? If possible could you anyone help?? Thank you in advance.

Can PAN gateway client config use both IP based split tunneling and use domain name exceptions?

When I first set up the client-config a couple of years ago I tried out the name based split tunneling and it didn't seem to work. As I was under the gun I implemented IP based split tunneling but never ran the name based split tunneling issue to ground. If I already have IP based split tunneling, should I be able to add a DNS exclude to not be ...

SAML authentication with global protect gateway configuration client settings user set to specific

The customer tries to put specific users in the global protect gateway agent and he tries to give a specific IP pool to each user. If the user sets it to any then it's working but if the user sets it to specific then it's not working with SAML integration.

Resolved! PA-300 induced high latency for GP clients with just 200Mbps troubput

Our users on Global Protect clients downloading a somewhat large file all at the same time. The aggregate amount download was 200GB over a couple of hours. The server they were downloading from was outside of our data center and the files were going through Global Protect because the destination server was part of the split tunnel. During this p...

Issue using MFA in GlobalProtect )

When connecting with Ironchip (MFA), two-factor authentication is only succesfull if the IP is specified in the gateway. If we use the domain to connect GlobalProtect the MFA is not working. The client auth is

HIP Check to check all browser version in host

HIP Checks can check for 4 different types of browsers version at the same time like Chrome, Firefox, Safari, Edge?

Need to Allow user to uninstall Global Protect with a Password

Hi all, Here i have a requirement to uninstall Global Protect with a password. i configured the APP Tab as "allow with password" We entered the right Password, but still its showing Password does not match. PAN-OS installed in FW 10.1.9 Can anyone guide me.. Thanks in advance 🙂

GlobaProtec many accound and certificate on linux

Hi,I have a Linux with 6 users profile , how can I setup Global Protect VPN so that each user will use their own certificate,Global now sees the user's last imported certificateLinux 20.04 ltsc GP 5.3.4

Resolved! Is it possible to automatically connect GP when the user in Home network and automatically disconnect GP when the user in Office network.

Hi Folks, One of our customer has a requirement in GP as follows, GP user working in home network >> connect GP automatically > should not have permission to disable GP When the same user working from Office LAN network > GP has to detect user located in office LAN > then GP should disconnect automatically. this kind of f...

Checking if GlobalProtect status is active (connected) via script or command line

Hello Team, I would like to find out if there's an way to check if GlobalProtect agent status is connected and VPN is active on Macintosh using bash or zsh command line or script. Thanks.

Discussions

GlobalProtect authentication with NPS Plugin to Azure MFA problems

Globalprotect iOS connect and internet issue

Internal/External Gateway User-id

Configure GlobalProtect Pre-Logon using SAML authentication with Azure MFA

How to re-prompt authentication login when intregate OKTA when user close window promt login

Need to configure Globalprotect for NSX-T north-south traffic.

Can PAN gateway client config use both IP based split tunneling and use domain name exceptions?

SAML authentication with global protect gateway configuration client settings user set to specific

Resolved! PA-300 induced high latency for GP clients with just 200Mbps troubput

Issue using MFA in GlobalProtect )

HIP Check to check all browser version in host

Need to Allow user to uninstall Global Protect with a Password

GlobaProtec many accound and certificate on linux

Resolved! Is it possible to automatically connect GP when the user in Home network and automatically disconnect GP when the user in Office network.

Checking if GlobalProtect status is active (connected) via script or command line

MacOSX Tahoe 26.4.1 (25E253) / Global Protect 6.3.3: Network is unreachable

Palo Alto Global Protect clients failing to connect intermittently

Pre-Populate Multipule Portal Addresses

Geo blocking after GP login

Latest VPN client version

Re: MacOSX Tahoe 26.4.1 (25E253) / Global Protect 6.3.3: Network is unreachable

Re: MacOSX Tahoe 26.4.1 (25E253) / Global Protect 6.3.3: Network is unreachable

Re: GlobalProtect Cert+SAML

Re: GlobalProtect "Tunnel is down due to keep-alive timeout"

GlobalProtect CBL woes on Windows 11

Unlock your full community experience!

Resolved! PA-300 induced high latency for GP clients with just 200Mbps troubput

Resolved! Is it possible to automatically connect GP when the user in Home network and automatically disconnect GP when the user in Office network.