Global Protect Client IP Range not able to get to internal resources

Hi All,

I recently configured an HA pair of 3220s for Global Protect. I have the firewalls handing out IPs from the 192.168.124.0/22 network. The clients can connect and get the correct IPs but are not able to reach internal resources. This same IP ra

Global Protect Failing to Work on Xfinity Networks with PopOS 20.04

Hi there,

I'm hopping to get some troubleshooting advice by the experts here. I'm using GlobalProtect 5.2.4 with a linux laptop running PopOS 20.04. At home I don't have issues connecting on a Verizon FIOS network, but when I visit family members (wh

Global Protect - Internal Detect - WIFI/LAN

hello

I am testing our rollout of mobile user vpn with pre-logon and always on

currently we are on-prem with on-demand so its complete change in user experience

but with one of out test users we found today when they are at home using they are using a

GlobalProtect cert auth alternative

Hi all,

We are using Cert authentication for identify check and make sure the device connected to GlobalProtect is a domain joined device. We are having issues with GlobalProtect Cert authentication when users travelling and connecting to a captive p

Globalprotect Azure MFA in PA-220

Hello all,

I'm just new here and would like to know if Azure MFA will work in PA-220 firewall or is there any restrictions with the said firewall?

We are looking to provide solution to enable Azure MFA when using Globalprotect on a PA-220 firewall.

C

easiest way to move users to 2nd gateway for maintenance on 1st

We have an Azure implementation of Palo Alto/GlobalProtect.

We use an Azure LoadBalancer point to 2 Palo Alto firewalls for GP portal connectivity.

Then based on the received config we send the user to the direct interface address of one of the 2 firew

GlobalProtect depends on ISP

Hello all,

I have a problem that has no sense for me..

A customer of us has problems with speed when they used his mobile phone as Personal Hotspot, all his employees uses same mobile phone model & ISP, and also same GlobalProtect version (5.2.2).

Whe

Lost Sign-In Options on Logon screen

Hi,

I've logged onto my machine (logon screen shows GlobalProtect Status - Connected), using GlobalProtect 5.2.5 client with machine based authentication in a virtual machine. The certificate is present on the machine and everything appears to be wor

GP 5.2.4 upgrade

Dears, 

I am planning to upgrade the Globalprotect version from 5.1.7 to 5.2.4. Do I need to push or reinstall SSL / TLS certificate when I am upgrading to GP 5.2.4 ?

Also I am planning to push the GP software (*.msi files) from an SCCM server. May I

GlobalProtect Pre-Login with SAML + Azure MFA re-authentication issues

We currently have GlobalProtect deployed utilizing a combination of certificates (for pre-login) and SSO + SAML (to Azure AD) for user authentication.  The SAML portion redirects the users to the Microsoft MFA portal for 6 digit authentication when t

Global Protect gateway isolation based on LAN checks

Dear all,

Please see the design below , the idea is testing against IPs 172.16.158.1 (IPs of VLAN 161) using path monitoring + static route 

Can we add a path monitoring to an internal static route ,  that internal route monitoring reachability of 172

GP traffic black holing / redundancy

Dear all ,

One of my client is currently facing the below issue :

"We have faced some traffic black hole situations with Global Protect users when we are loosing internal connectivity in a GP gateway.

When firewall can no longer reach the LAN / internal

Found VAPT vulnerabilities points for SSLVPN URL.

We have done the VAPT on our environment and found the vulnerabilities for the SSLVPN URL which we use.

We had mitigated the maximum points but five points are remaining. So need help on that.

1. Password sent in Clear Text - CWE-319.

Some applicatio

Global Protect user-pre-logon from Windows domain login first time user

I'm having an issue finding an all inclusive document that can help me validate my GP portal and gw config to allow new users who receive a domain joined laptop be able to log into the domain on receipt of the laptop

current gw is pre-login with on-d

No internet access after connecting to Global Protect client

First, I'm just a simple user of a Global Protect client since this is required by our company. I'm not proficient with technical terms and stuff.

Issue: I successfully connected to the gateway however, I have no internet connection. No sites can be