GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Resolved! Global Protect Force Gateway Selection

I am trying to set up GlobalProtect and am having issues with client gateway selection. I have a single portal and will have two gateways set up. One uses SAML auth (general users) and the other one uses DUO auth (for the IT dept). Both are set to be on-demand. I want all users to be presented with both gateways initially, and then clients ...

Recommended config for Globalprotect on Azure active-active LB sandwich architecture?

We are running two active-active VM-300s at Azure using the common firewall architecture reference doc (two Azure standard load balancer sandwich). Now looking to enable Globalprotect gateways and was wondering what best practice would be for external access - use a single address on external Azure load balancers and load balance to VM-300s with...

PanGPS consumes much power when MacBook hibernates

I'm using the GlobalProtect in my MacBook Air. When I close the laptop lid, the MacBook will enter deep sleep state, which consumes very little power. But after I installed the GlobalProtect, the MacBook will consumes a lot of power 5 days after I close my laptop lid. I checked the console, it is PanGPS initiates network connection after 5 days ...

Snipaste_2022-06-24_22-21-16.png
Snipaste_2022-06-24_22-17-10.png

Resolved! Client VPN Traffic

Hi, For security reasons, I need to ensure that all client VPN traffic is going down the VPN to the Palo Alto firewall. I need to prove that to the customer that all traffic from the mobile devices is all going down the VPN tunnel and egressing out of the firewall. How can I achieve this? Thank you.

GlobalProtect Users Unable to Reach Intranet Resources Every Hour/2hrs

Hello, We have been experiencing an interesting issue where users that connect via GlobalProtect, will all of a sudden no longer be able to access internal resources after about an hour/2hrs of initially connecting. External resources work absolutely fine during this period. The only way to remedy this is to disconnect GP/refresh the connection....

Palo_SSH_dropped_traffic.JPG
kbarton by L0 Member
  • 4104 Views
  • 1 replies
  • 0 Likes

Resolved! GlobalProtect MSI opens Microsoft Store?

Got an external user (so connecting from his own PC and not a company one) that tried to install GP downloaded from our portal today, but every time he tries to start the MSI files it just opens the Microsoft Store. I have no clue on how to avoid that and just have him install the normal GP app. He's the only one with that issue with that port...

Global Protect VPN Disconnects Local Network Resources After 4 Hours

Apologies if this is a simple fix / stupid question. We have a group of users who need to use the GP VPN to access certain online resources provided by another company. After about 4 hours with the VPN connected, we lose all access to local network resources i.e. network drives). Only shutting down the VPN will bring them back. Is there a ti...

Importing SSL

Hi, I'm new to importing SSL Wildcard Certificates. I'm trying to import a new ssl wildcard to replace the expired ssl wildcard cert. I was able to import new ssl wildcard cert but the firewall will not allow me to add the new ssl wildcard cert to SSL/TLS profile. The old ssl wildcard cert shows with a SSL/TLS profile.But not the new cert. Do ...

How to configure G-Suite SAML authentication for Global Protect

I am trying to set up G-Suite SAML authentication for Global Protect. I followed the directions outlined here to the letter: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008UIjCAM I get the following errors: On Google Chrome, I get this error 403. That’s an error. Error: app_not_configured_for_user In Firefox, I ge...

Windows11 fails to connect to Portal with client certificate authentication enabled

I finally got combined certificate and user/pass/MFA authorization for our always-on VPN clients to multiple firewalls (cert auth to the Portal for valid asset checks and auto-login to trigger internal host detection, user/pass/MFA auth to the Gateway for actually establishing the VPN). Moved ~225 Windows10 clients in 1 swoop with only 1 problem...

x-auth support

I am trying to enable x-auth support on my Global Protect Gateway I configured and under Agent>Tunnel Settings , I do not have the "enable x-auth" option, only "enable IPSEC" IS this a GP licensing issue? I read the doc for that and it doesnt mention x-auth as one of the advanced features. Thanks

Resolved! Global Protect SAML Okta groups integration

I'm currently working on setting up our 2 PAs for VPN. I'm trying to get the configuration set up to do something similar to what we had on Cisco but with PA and SAML instead of LDAP. I've followed this doc https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Palo-Alto-Networks-GlobalProtect.html but in section 8 it doesn't exac...

sirons by L1 Bithead
  • 4259 Views
  • 1 replies
  • 0 Likes

Global Protect Azure AD MFA

I've recently setup and succesfully tested a new portal and gateway with Azure AD MFA and the global protect app. Currently i can log into my iphone app and I receive the portal auth, (LDAP) and then get prompted for the Microsoft sign in followed by the MFA (SAML), in my case I'm utilizing the MS authenticator app. All is good with this setup ...

danoman2 by L3 Networker
  • 2555 Views
  • 1 replies
  • 0 Likes
  • 1675 Posts
  • 68 Subscriptions
Top Solution Authors
Labels