When connecting with Ironchip (MFA), two-factor authentication is only succesfull if the IP is specified in the gateway. If we use the domain to connect GlobalProtect the MFA is not working. The client auth is
HIP Checks can check for 4 different types of browsers version at the same time like Chrome, Firefox, Safari, Edge?
Hi all, Here i have a requirement to uninstall Global Protect with a password. i configured the APP Tab as "allow with password" We entered the right Password, but still its showing Password does not match. PAN-OS installed in FW 10.1.9 Can anyone guide me.. Thanks in advance 🙂
Hi,I have a Linux with 6 users profile , how can I setup Global Protect VPN so that each user will use their own certificate,Global now sees the user's last imported certificateLinux 20.04 ltsc GP 5.3.4
Hi Folks, One of our customer has a requirement in GP as follows, GP user working in home network >> connect GP automatically > should not have permission to disable GP When the same user working from Office LAN network > GP has to detect user located in office LAN > then GP should disconnect automatically. this kind of f...
Hello Team, I would like to find out if there's an way to check if GlobalProtect agent status is connected and VPN is active on Macintosh using bash or zsh command line or script. Thanks.
With the IPv6 sinkholing feature not enabled, Mac and Windows users used to be able to successfully connect to IPv6 resources--seemingly completely bypassing GlobalProtect. Then some Mac users reported not being able to connect to those IPv6 resources anymore. The wisdom of allowing this IPv6 connectivity is of course debatable and it probabl...
If the IPv6 sinkholing feature is enabled for GP / Prisma Access, does split-tunneling IPv6 traffic work? We have some users that need to access some resources via IPv6 but would like to sinkhole all other IPv6 traffic.
Hello, I am setting up the Global Protect VPN on our PA-850 and unable to connect with MAC OSX clients. I am using Azure for 2-factor and the vpn is working fine with windows clients. On a MAC (13.1) I get the 2-factor sign-in but the Palo Alto embedded web page is not coming up after signing in and will not connect. The PA firmware is 10.1.6 ...
We recently switched from the built-in authentication window, to the default browser window for SSO sign-in with O365 SAML. This has worked fine for about 50% of people, however, the other 50% are not being signed in automatically. They have to press the Click Here link in their browser window. All of our browsers are managed by O365 and have th...
GP gateway and portal are configured properly and they are working as expected. We want to deliver the GP agent to all employees in a automatic way using our MDM tool which supports PowerShell and bash scripts. And also we using split tunnel for the configuration, so we need to have system extension enabled on all agents. If there is any way to...
Hello all, I was wondering if the value of my made plist can have wildcard.I have currently made one that checks the plist "com.apple.softwareupdate" to find the OS version, and wanted the key value to be, as an example "13.2*" or even "13*". I know there is an already made one that checks for OS version by paloalto, however I wanna input th...
We have several Palo alto firewalls in production now. We currently have client vpn going to Cisco ASAs. We are looking to move the VPN to the Palo Alto. I have been able to get a single vpn profile working. Before we can move to the Palo Alto, i need to figure out how to get the Global protect vpn working similar to the ASA anyconnect vpns. On ...
From what I can tell Global protect was deployed via Intune to laptops. I have tried to add a portal to the global protect portals/gateways and it doesnt propagate to the clients so I assume there is something that is preventing this and the Intune settings override it. How can I add another portal to the GP client for all my users and allow the...
The vpn gui is stuck saying connecting... and never loads the gateway page. After looking at the logs, it kept saying CPanMsgQueue::create - failed to create message queue. error = 13. I am running Ubuntu 22.04.1 LTS
BPry
on:
MacOSX Tahoe 26.4.1 (25E253) / Global Protect 6.3.3: Network is unreachable
