This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GlobalProtect Discussions
GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.
About GlobalProtect Discussions
Welcome to the GlobalProtect discussion area! Here, you can engage in conversations about GlobalProtect, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on GlobalProtect.

Discussions

Start a conversation

GlobalProtect client cant access internal resources

PAN OS 8.1.22 / GlobalProtect Agent 6.0.3 (1) GlobalProtect has no issue connecting to portal/gateway (Dell Latitude, Windows 11) (2) Gateway Access Route (split tunnel)(No direct access to local network is UNTICK) has access to 0.0.0.0/0 (3) VPN users authenticated are assign 10.0.1.1-40 address (4) DNS assignment is 192.168.10.10/24 (dc-01.i...

Jee.Khai by L1 Bithead
  • 2133 Views
  • 1 replies
  • 0 Likes

Comcast domain suffix getting appended into DNS requests over Global Protect

I ran a packet capture on PAN to try and figure out an intermittent problem with one of my GP 5.2.5.66 users (Windows, Surface Pro) where certain web based or internal applications will just start working. The external are Outlook O365, Teams for example. If he disables GP then everything starts working again. We verified he's connected to VPN d...

Global Protect Client and Intune Security Baseline

Greetings PAN community. Hoping to find someone that has seen this issue already so that I can move forward with my implementation of Intune Baselines. We use Configuration profiles at the moment to manage our fleet where we use the Global Protect client for vpn and OKTA for MFA to complete the connection. I have a test group set up in Azure t...

BHill007 by L0 Member
  • 16855 Views
  • 5 replies
  • 0 Likes

Resolved! Different agent configs Problem

Hi there, we have global protect with different agent configs based on ad groups enrolled. We have different configs for always on and always on disable on demand since the upgrade to global protect 6.0.3 some users seems to get a different config (always on instead of disable on demand) in PANOS 9.0 you could see in the system logs of t...

Softphone connect issue on GP agent 5.2.8 version when primary DNS is unreachable in GP setting

The endpoint having GP client version 5.2.8, is having an issue to connect to Secondary DNS Server for SIP traffic only. The issue is occurring on 5.2.8 when the primary DNS is not reachable. • WFH users connected to VPN gateways, were having primary DNS DC1 and secondary DNS DC2 in VPN setting.• Due to Planned activity Primary DNS DC1 server wa...

Deepak25 by L3 Networker
  • 2975 Views
  • 1 replies
  • 0 Likes

Separation of profiles for authorization and authentication in GlobalProtect

Hello friends! Help me please.I need advice on authentication and authorization when connecting to a GP.Is it possible to separate these roles? For example: authenticate using SAML.And then check this user for belonging to groups in LDAP, and depending on these groups, send him to the gateway / send him settings / apply policies. In general, aut...

GlobalProtect Always-on User Experience

Hey all - We're currently in the beta-testing phase of our GlobalProtect implementation, and I have a couple of questions around 'best practices' to ensure a good user experience. First, our setup: - PAN-OS 10.1.5-h1 - GlobalProtect client v5.2.11-10 (Mac OS (12.x) & Windows 10) - Pre-logon via machine-based certificates - User logon via Ok...

GlobalProtect License Portal or GP license Gateway?

Hi all, I need a clarify about GP Portal license and GP Gateway license. Which one is needed for clientless VPN?I have this PA-850 and running on PanOS 9.0.13, on support portal it shown that I have GP Gateway license active but GP Portal license is expired. As far as i know we only need Globalprotect license to use more features, but the suppo...

febriantofitranto_0-1643298903445.png

Strange DNS behavior - Mobile Users—GlobalProtect - Panorama Managed Prisma Access

Hi everyone, I had a bit of a strange behavior regarding DNS for mobile users, and wanted to verify if this was working as intended. IP addresses are made up Info on the infrastructure: - Panorama Managed Prisma Access. - Mobile Users - GlobalProtect. - Using both On-Premises and Prisma Access gateways (Manual). - DNS for internal domains ...

KasperT by L1 Bithead
  • 1807 Views
  • 0 replies
  • 0 Likes

Global protect SAML with azure need to make the joined PC to access without going to authentication other than to ask for username password via webpa

Global protect SAML with azure need to make the joined PC to access without going to authentication other than to ask for username password via webpage. I done the SAML and enabled the Sigle sign on from agent tab to be ON so the global protect get the username password when user login but the issue when the not joined PC tried it will get the...

Resolved! Global Protect Force Gateway Selection

I am trying to set up GlobalProtect and am having issues with client gateway selection. I have a single portal and will have two gateways set up. One uses SAML auth (general users) and the other one uses DUO auth (for the IT dept). Both are set to be on-demand. I want all users to be presented with both gateways initially, and then clients ...

SAML Azure Global Protect Redirects

Hi, We use RADIUS (DUO) for our Global Protect clients authentication but now I have configured SAML. I have also enabled MFA in Azure. Everything works properly as I am able to access all the company resources remotely via GP SAML authentication. However, I don't get any redirects to Microsoft/O365 portal to enter my signin credentials as it ...

MAliRaza by L0 Member
  • 2057 Views
  • 0 replies
  • 0 Likes
  • 2069 Posts
  • 68 Subscriptions
Top Solution Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks