This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

GlobalProtect appliance PCI Compliance

Hi, We're trying to get our VPN appliance PCI compliant and not sure what is going on, as it's automatically failing. Minimum TLS is 1.2 and have disabled all the weak key exchanges. This was done prior to any PCI compliance requirement. When we run the SSL test on ssllabs.com, we're getting an A-. The PCI report contains the below: THRE...

Resolved! Global Protect Gateway unreachable

Good morning! First time posting here. We are seeing an issue with our GP users in that some cannot connect while other can with out issue. The error that we are seeing is that the agent is unable to establish a connection to the gateways. We several gateways that we use (only US based ones) that are pretty evenly distributed with users that are...

Resolved! Split Tunneling Included Sites next hop

I figured I would start here since this seems like an easy fix. We are working to include certains IPs/domains/apps etc in the tunnel. Currently the only traffic that is routed through the tunnel is internal networks, which operates fine, all other traffic goes out through their own gateway. When we try to include a domain like ipchicken.com, I ...

Global Protect in Microsoft Store Outdated

Hello All, I had a customer reach out to me about when the Microsoft Store would have a newer version of GP . Currently the version available is 5.2.8-5. Does anyone know when version 6 would be available? Thank you in advance. GlobalProtect Please note you are posting a public message where community members and experts can provide ass...

bdaniels by L0 Member
  • 2721 Views
  • 2 replies
  • 0 Likes

Server Certificate Error

I was able to connect a few weeks prior to this error by uninstalling and reinstalling the GlobalProtect client. However this is no longer working. I'm getting the Server Certificate Error popup: I checked Device/Certificate Management/Certificates and all my certificates have Status of valid. For VPN I have the setting for Username/Passw...

PaloAltoVPNError.png

unable to install code42 agent when GP is turned on

With GlobalProtect running but not connected the installs are working as expected. Once we are connected to the VPN, getting the following error: Request to activate com.code42.agent.extension failed. The operation couldn’t be completed. (OSSystemExtensionErrorDomain error 8.)

srini3 by L0 Member
  • 1542 Views
  • 0 replies
  • 0 Likes

SAML failed login attempt error mesage

We have SAML setup for GP where we check if user is member of the allow list in the auth profile. We have some illegal attempts which show up in system log with only 2 entries, 'saml-client-redirect' and 'auth-fail' with error message "failed authentication for user \'*******\'. Reason: User is not in allowlist. auth profile \'********\', vsys...

Anbjorn by L1 Bithead
  • 1558 Views
  • 0 replies
  • 0 Likes

GlobalProtect client cant access internal resources

PAN OS 8.1.22 / GlobalProtect Agent 6.0.3 (1) GlobalProtect has no issue connecting to portal/gateway (Dell Latitude, Windows 11) (2) Gateway Access Route (split tunnel)(No direct access to local network is UNTICK) has access to 0.0.0.0/0 (3) VPN users authenticated are assign 10.0.1.1-40 address (4) DNS assignment is 192.168.10.10/24 (dc-01.i...

Jee.Khai by L1 Bithead
  • 2107 Views
  • 1 replies
  • 0 Likes

Comcast domain suffix getting appended into DNS requests over Global Protect

I ran a packet capture on PAN to try and figure out an intermittent problem with one of my GP 5.2.5.66 users (Windows, Surface Pro) where certain web based or internal applications will just start working. The external are Outlook O365, Teams for example. If he disables GP then everything starts working again. We verified he's connected to VPN d...

Global Protect Client and Intune Security Baseline

Greetings PAN community. Hoping to find someone that has seen this issue already so that I can move forward with my implementation of Intune Baselines. We use Configuration profiles at the moment to manage our fleet where we use the Global Protect client for vpn and OKTA for MFA to complete the connection. I have a test group set up in Azure t...

BHill007 by L0 Member
  • 16648 Views
  • 5 replies
  • 0 Likes

Resolved! Different agent configs Problem

Hi there, we have global protect with different agent configs based on ad groups enrolled. We have different configs for always on and always on disable on demand since the upgrade to global protect 6.0.3 some users seems to get a different config (always on instead of disable on demand) in PANOS 9.0 you could see in the system logs of t...

Softphone connect issue on GP agent 5.2.8 version when primary DNS is unreachable in GP setting

The endpoint having GP client version 5.2.8, is having an issue to connect to Secondary DNS Server for SIP traffic only. The issue is occurring on 5.2.8 when the primary DNS is not reachable. • WFH users connected to VPN gateways, were having primary DNS DC1 and secondary DNS DC2 in VPN setting.• Due to Planned activity Primary DNS DC1 server wa...

Deepak25 by L3 Networker
  • 2929 Views
  • 1 replies
  • 0 Likes
  • 2062 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks