GlobalProtect Discussions | Palo Alto Networks

GlobalProtect Pre-Login with SAML + Azure MFA re-authentication issues

We currently have GlobalProtect deployed utilizing a combination of certificates (for pre-login) and SSO + SAML (to Azure AD) for user authentication. The SAML portion redirects the users to the Microsoft MFA portal for 6 digit authentication when t

...

Global Protect gateway isolation based on LAN checks

Dear all,

Please see the design below , the idea is testing against IPs 172.16.158.1 (IPs of VLAN 161) using path monitoring + static route

Can we add a path monitoring to an internal static route , that internal route monitoring reachability of 172

...

GP traffic black holing / redundancy

Dear all ,

One of my client is currently facing the below issue :

"We have faced some traffic black hole situations with Global Protect users when we are loosing internal connectivity in a GP gateway.

When firewall can no longer reach the LAN / internal

...

Found VAPT vulnerabilities points for SSLVPN URL.

We have done the VAPT on our environment and found the vulnerabilities for the SSLVPN URL which we use.

We had mitigated the maximum points but five points are remaining. So need help on that.

1. Password sent in Clear Text - CWE-319.

Some applicatio

...

Global Protect user-pre-logon from Windows domain login first time user

I'm having an issue finding an all inclusive document that can help me validate my GP portal and gw config to allow new users who receive a domain joined laptop be able to log into the domain on receipt of the laptop

current gw is pre-login with on-d

...

No internet access after connecting to Global Protect client

First, I'm just a simple user of a Global Protect client since this is required by our company. I'm not proficient with technical terms and stuff.

Issue: I successfully connected to the gateway however, I have no internet connection. No sites can be

...

Resolved! GLOBALPROTECT WITH AN INTERNAL IP BEHIND INTERNET DEVICE

GlobalProtect set up on a firewall with an internal IP address sitting behind an edge Internet device

Internet Router (2.2.2.2/24) > Internal Network > PAN ( 192.168.0.2/24)

I'm using OS 9.0.13

internally i can connect (for testing purpose), but

...

Resolved! GlobalProtect - Block internet access if user does not authenticate

Is it possible to block internet access if user does not authenticate through the GP client? We don't want any access to the web on the laptop unless they fully authenticate through Okta/GP (SAML). Would Pre-logon solve this?

Thanks

Resolved! Force GP client upgrade

Hi,

Is there a way to force a client to upgrade their globalprotect version? I have set the update to transparent and this works when users boot up their computers and connect. The issue comes from users that remain connected and don't disconnect. D

...

GlobalProtect using IPSec and a Site-to-Site IPSec VPN

I'm running a PA-500, PANOS 8.1.15-h3 and am trying to create a site-to-site IPSec VPN tunnel. It must run alongside an already configured GlobalProtect gateway where the GlobalProtect is also configured to use IPSec. Can these two VPN types exist on

...

Host-ID Information is not captured for some by GP Agent

Hi Team,

In Global Protect logs, for some of the MAC and Windows machine Host-ID information is not captured by the Agent what will be the possible cause for this and how to resolve this .

Snap for Host ID not captured for some and captured for some

...

Active X support with Clientless VPN

Hello,

Has anybody configured clientless vpn with the web application which uses active X?

From the KB article, I believe active x is not supported technology. Can anyone confirm this?

Thanks.

Pre-Logon can't get IP address from IP pool

I created two agents for my internal gateway in GlobalProtect.

One is for Pre-Logon and another is for Any users. I split a big IP address pool for them two.

big pool: 10.224.0.0/20

Split to : 10.224.0.0/21 and 10.224.8.0/21

But no matter which one I as

...

Generate daily report

hello,
is there a way I can generate a daily report on the number of users that connected daily.

thanks

Resolved! GlobalProtect issue when try to connect many agents behind one home router

Hello all,

we have let say 10 users behind one home internet router.

They can ping the portal and so on but just one of them can connect. The error of the others is that there is a network problem trying to reach the portal.

Are there any limitations

...

Discussions

GlobalProtect Pre-Login with SAML + Azure MFA re-authentication issues

Global Protect gateway isolation based on LAN checks

GP traffic black holing / redundancy

Found VAPT vulnerabilities points for SSLVPN URL.

Global Protect user-pre-logon from Windows domain login first time user

No internet access after connecting to Global Protect client

Resolved! GLOBALPROTECT WITH AN INTERNAL IP BEHIND INTERNET DEVICE

Resolved! GlobalProtect - Block internet access if user does not authenticate

Resolved! Force GP client upgrade

GlobalProtect using IPSec and a Site-to-Site IPSec VPN

Host-ID Information is not captured for some by GP Agent

Active X support with Clientless VPN

Pre-Logon can't get IP address from IP pool

Generate daily report

Resolved! GlobalProtect issue when try to connect many agents behind one home router

Global Protect Split tunnel dns resoleving problems in MacOS configured with Private Relay

Global Protect Failed Service Running

Android issues with GP logging in

Disable Global Protect Auto Start on Windows

PanGPUI hangs in Ubuntu 24.04

Re: macOS 15 Seqiuoa

Re: macOS 15 Seqiuoa

Unable to launch global protect on osx 15 (sequoia)

Re: Unable to launch global protect on osx 15 (sequoia)

Re: Android issues with GP logging in

Unlock your full community experience!

Resolved! GLOBALPROTECT WITH AN INTERNAL IP BEHIND INTERNET DEVICE

Resolved! GlobalProtect - Block internet access if user does not authenticate

Resolved! Force GP client upgrade

Resolved! GlobalProtect issue when try to connect many agents behind one home router