This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

Resolved! Global Protect Behind NAT

I have a PA-800 with global protect configured in an internal network. A 1to1 NAT has been setup to map a public IP address to the internal IP address of the external interface of the PA. The 1to1 NAT is on a Cisco ASA5508X with direct passthrough on 443. I set the same internal IP address on the portal and the gateway. When authenticating from ...

Global Protect - Require Machine Cert only for Windows and MAC machines (and all other systems can just use username/password)

Hi there,I'm trying to build out a config in my lab where my global protect configuration requires a machine cert and username/password for only Windows OS and MAC OS systems and then for IOS and ANDROID devices, they will only require username/password. My lab is running an old PA-5050 on PAN OS 8.1.23. I'm finding that the only option is to ...

mslavens by L1 Bithead
  • 2042 Views
  • 1 replies
  • 0 Likes

Resolved! Connecting to my customer's GP vpn, most of my browsers display NET::ERR_CERT_AUTHORITY_INVALID

In the not too distant past, I could fire up my customer's vpn allowing me to access their network while maintaining my own. In other words, I could surf my development sites, get my business' email, and basically function while working. Something changed, and now when I enable their VPN, 95+% of my network connections report: "Your connecti...

Resolved! New Windows 10 VM - will not connect to portal

I work as a consultant at a company using GP (5.2.11-10). I have numerous virtual machines (Windows 10, 7, and Xp) to support development, and they all will connect to the portal. The customer has a well defined installation process (trivial): 1) go to this link to download the correct version (32 or 64bit) then install; 2) set the portal to x...

Resolved! Global protect step by step with Pointsharp

Hello, I'm interested in IT and I'm a beginner. I read some documents on the internet Could you please correct me to know if I have understood correctly? When a customer connects with his login and password to his company's vpn using global protect. Step 1) the Pointsharp server makes a request to the active directory to confirm the login ...

count each ip pool ip utilization

my globalprotect gateway had many configs and each config had own ip pool. i want to monitor the each ip pool utilization. how to monitor and. count the number of ip used in the globalprotect gateway-->agent-->client settings-->configs---> IP pool.

Resolved! GlobalProtect Gateway Configuration - Different IP pool if BYOD is used

Hi, I recently received the following business requirement. for some internal SSO applications to work correctly, they need to whitelist IP ranges to make SSO work as expected. If the user is logged in using a corporate laptop enrolled in Intune, they use a corporate user account and the SSO works after the VPN is established. On the contrary, i...

Unable to upgrade the global protect client automatically on the Client machines

Hi Team Recently I tried to upgrade my GP version from 5.2.10-6 to 6.0.3 and activated it, however, my clients are not seen automatically upgrade to the latest 6.0.3 version. In the portal Client settings are set to theTransparently only (APP), while we try to connect to the GP on the client machine the prompts will be appear to upgrade ...

Resolved! Unable to Download GlobalProtect from Firewall

Hi Community I am trying to enable GlobalProtect on my FW, but I am unable to download GlobalProtect. When I go to Device > GlobalProtect Client and select a version to download, this fails. I get the following error message: "Failed to download due to Empty file returned by update server. Please try again later. Failed to download file" I ...

MaxR2023 by L1 Bithead
  • 11778 Views
  • 3 replies
  • 0 Likes

Zoom shows offline after connecting to Global Protect VPN

We are in the process of migrating to Global Protect VPN and we are doing pilot with few users. One issue we are observing is with zoom. After connecting to Global Protect VPN, zoom still shows off-line for few minutes or until user changes the state to available. We are using Global Protect Agent 5.2.10-6. We are not using Split tunnel and...

Resolved! VPN Total Connections Report

Hello, I am trying to figure out how to get a report that would show the total connections that were made VIA Global Connect. I can see this when I go look at the Gateway as it shows how many people are connected there. Is there a way to get a report for the last 30 days stating this number? This is on a PA-3200 PAN-OS 10.x.x Thank you,Tom

thoffman_0-1665426365122.png
thoffman by L2 Linker
  • 2433 Views
  • 2 replies
  • 0 Likes

GP: AzureAD SAML Authentication with iOS Device ID

I'm using AzureAD SAML authentication with GP. GP Portal and GW are the same setting for Windows, mac and ios. Azure SAML authentication uses device ID authentication with Intune. For Windows and Mac, AzureAD can confirm the device ID and SAML authentication is possible. However, the iOS device does not receive the device ID to AzureAD. Theref...

AzureAD_Auth_log.jpg
TMori by L0 Member
  • 1832 Views
  • 0 replies
  • 0 Likes

Resolved! GlobalProtect client previous gateway settings

Does anyone know if the GP client uses the settings it previously received from a gateway when it initially connects? In my past life using Cisco AnyConnect, a change to the AnyConnect profile would only become "active" if the user connected twice to the ASA after the change. The first time would push the change to AnyConnect, and the second t...

Is there a way to accept both SAMAccountName AND UserPrincipalName for user authentication?

Bottom line I would like my user to be able to authenticate using either "MyUserID" or "MyUserID@MyDomain.com". Can this be done? Right now, my users authenticate using their SAMAccountName/userID. As we move toward x.509 Personal Certificate authentication, the user certs provide a UPN (email address). Given a user who has a SAMAccountNam...

Globalprotect with client certificate authentication on Linux (TPM support?)

I'm currently using client certificates as authentication for windows clients. Our security team requires that the key is stored on TPM. As far as I can tell, RedHat supports storing keys on TPM as well TPM RedHat Does anyone know if Globalprotect supports using certificates where the key is stored on TPM? The current Globalprotect linux docume...

erikda by L2 Linker
  • 2262 Views
  • 0 replies
  • 1 Likes
  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks