GP Upgrade issues

Our environment seeing a weird issue when upgrading the GP Client, only happens so far on about 10% of the machines (small group) but its quite a pain because everyone is remote so we have to use Zoom to fix it and give them local admin/password to r

HIP Checks / 3rd Party Clients

I have a customer who is looking to enforce HIP checks to allow traffic.

However, some of their users are connecting in with non Palo Alto clients, and thus HIP checks do not work.

Is there a way to block non-GP clients from connecting completely?  C

GlobalProtect VPN SSL - disconnect

Hello,

I have a customer that many of his VPN SSL clients are disconnected many times during the day. In the GP logs (pan_gp_event.log) I can found : "Tunnel is down due to socket closed"

PAN-OS 9.0.7

GP Agent : 5.0.8

Before updating the agent or swit

Traffic Steering

Can traffic steering be used in a Panorama managed Prisma Access deployment to route traffic to certain public websites (like YouTube) through our internal Palo Alto firewall? The documentation on this feature was slim.

Multiple Global Protect Portal Realms

Hi,

We have a Global Protect portal available to our users via a public facing URL.  Question I have is whether the Palo Alto solution can support multiple portals based on the same URL and interface IP to serve different authentication profiles.  Ex

Global Protect Configuration during client installation

Hello.  Is there a way to install the Global Protect configuration during the installation?  Our PC imaging process installs GP and also  adds the portal address but the configuration is not there until a user logs into the PC and then signs into Glo

Two Phase VPN

Hello,

I have a question regarding the possibility of a 2 phase VPN connection. Please see below for a description of the scenario.

User A logs in to global protecting when logging on to their PC. I have this part completed using User logon (Always o

Globalprotect Clientless VPN and VClient Certificate

Hi All,

I have recently configured a clientless vpn for a customer but the solution needs client certificates for the users to log in with a browser. Is there a way I can make this an authentication only solution with no client certificate requiremen

Something about Global Protect agent seems off

It looks like Global Protect is a hot issue and specifically in combination with prelogon functionality.

We're also having a situation that appears to difficult to explain.

The idea is:

When handing out devices with global protect preinstalled and prec

Client vs Clientless for Web Application

For a browser based web application over a cellular connection, would the Clientless VPN be any more reliable (connection) then using the android client?

globalprotect user hostname lookup from inside lan

I am not able to resolve hostname (mac and Linux only) for users on GPVPN. 

Eg. I am in the Data Center LAN and when I try to ping, nslookup or ssh into a VPN user machine via hostname, the name doesn't resolve at all. 

Same thing works fine when user

Geo location IP problem

Hi,

My name is Anthony, and we are ISP from Montreal, Canada.
It came to my attention that our IP Subnet: 149.115.208.0/20 according to paloalto geo database appears as it is located in USA, whereas ARIN, NIC, maxmind and others state correctly it is s