GlobalProtect upgrades & issues on DHCP option 43 code

Hello All,

Since last year, we are using GlobalProtect 5.0.4 along with DHCP options 43 to detect the Internal GP GW FQDN. The GP client then connects to the branch office GP GW and pushes the User-ID - as it should.

Since I updated our main PA 5520

Local Printing Non-Split Tunnel

Does any know if it possible to allow access to local network printing when you have Global Protect setup to route everything over the tunnel ("No direct access to local network" option enabled).  I've been looking at the Exclusion section and see op

certificate format from CA to clients and GP

Hello Team

Our GP is running with users authenticating via AD account

Now we are rolling out Machine certificate via Group Policy from our Microsoft CA server to all the Domain clients

and then the goal is to enable certificate check in addition to A

Documentation on Global Protect

Hello,

I'm looking for documentation about Global Protect. The default help pages only summarize the menu options in the gui. Typically they contain no explanation about its context or purpose.

Examples of things I really can't intuitively find about

Global Protect Logs in CEF Format

Hi Everyone,

I need to send Global Protect logs to Arcsight connector in CEF format.

looking through all documentations of CEF configuration Guide that are available, there is nothing mentioned about Global Protect logs and how to convert them to CEF f

GlobalProtect Mixed Gateway Always-On

Hi All,

As per this article (https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-quick-configs/mixed-internal-and-external-gateway-configuration) if I set my portal to User Logon (Always-On), my internal gateway will

Clientless VPN and HTTP Redirects

Hi 

I am attempting to use the Clientless VPN feature to give access to an internal web proxy server but have an issue where the Palo Alto is not rewriting URL's from a HTTP 301 Redirect.  

We use inginx/vouch as the proxy server to provide single sig

MAC Client with SAML fails for any version newer than 4.0.8

Hello. We run Global Protect VPN on a Palo 850 with SAML from OKTA and certificates from VMWare Airwatch. For any version of GP Client on the MAC newer than 4.0.8 the login fails. It does not prompt to select the certificate or for username and passw

GP Debug( 102): connect failed with 180 seconds timeout. Internal Detection

When using Internal Detection and user starts up his workstation while connected internally (In the LAN), the agent first tries to reach the EXTERNAL portal to check for new configuration.

If the External Portal is not reachable, it will wait for 180

Global Protect Silent App Deployment

Hi Guys,

I have implemented global protect with pre-logon with device certs. It is working as expected. I have customized GP msi to add the portal name and to install silently. However it looks like users need to add their username/password for the f

GlobalProtect Reporting Port Exhaustion on Win 10?

Anyone else seeing a lot of this lately?  I've been researching this over and over again for about 2 weeks and all signs point to Windows being the culrpit, but the only time we ever see this happen is when users are connect to GlobalProtect.

Here's

VPN Access for Remote Desktop

Hello All,

My organization is using Globalprotect VPN to access RD of office PCs from home. I have a slightly different requirement. I want to access my personal laptop from office. What I tried to do was connected VPN on my laptop and tried Windows

Additional global protect portal and gateway

Hi

We have a working user-logon always on GP setup using certificates to authenticate, but we would like to make some changes and go to prelogon, but with most of the company working remotely we thought we would play it safe and setup a second GP ins