Global Protect issues with MAC and IPhone new OS 18.4 and 15

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Global Protect issues with MAC and IPhone new OS 18.4 and 15

L2 Linker

Hello Team

 

We would like to inquire whether there are any known issues with GlobalProtect on the newly released iOS 18.4 and macOS 15. Prior to these updates, GlobalProtect was functioning smoothly with SAML authentication and all connections on earlier versions. However, after upgrading to iOS 18.4 and macOS 15, users are unable to establish a connection.

Could you please confirm if there are any compatibility issues or required configurations for GlobalProtect with these new OS versions?

9 REPLIES 9

L2 Linker

Hello Team

 

Kindly updates us 

Cyber Elite
Cyber Elite

@Mebinbaby,

At current update levels, there haven't been any widespread issues reported. If you happen to have installed macOS 15.0 you would need to upgrade to 15.0.1 to avoid an issue that Apple introduced when the built-in firewall was enabled, but I'm assuming that you have 15.4.1 installed.

The only issue that I've still seen actively reported is that at least some people trying to utilize self-signed certificates are encountering an issue. Not sure if that is potentially what you are seeing, but I would always recommend against doing it this way anyways.

We are experiencing the exact same issues when users have updated to 18.4. We are assuming that its a self-signed certificate issue but as yet have to prove that...

L0 Member

Hello, have you received an update on this issue, we have the same phenomenon here

L0 Member

 We just updated to 18.4 and are having the same issue.

L1 Bithead

Hi all

Same issue here. this is widespread so I this is not reported by Paloalto?

 

Regards

L1 Bithead

Just an update to my earlier post. i changer over our system to proper CA certs with no luck. It took a fair bit of trial and error but I did successfully get global protect to work with a Mac using CA certs but no luck on an iPhone. The vendor of the CA certs were extremely helpful in fairness but they were equally in the dark as to why GP on an iPhone won't work currently, they did say that Apple are a lot more stringent in their requirements. One thing he did find was that one of the certificates that they were using in their 'chain' was a Sha1 encrypted cert and so he recommended removing that certificate from the chain, particularly as my use case involved VPN only and not a website, unfortunately this did not fix the issue either. After a lot of research i found that Apple are recommending that certs should only be installed using an MDM. I have also tried installing using this method to no avail.  I don't realistically believe that the blame for this issue lies with Palo Alto directly but there has to be some incompatibility with how GP interacts with Apple iPhones. If a resolution/fix/workaround is'nt found soon then we will have to re-consider the licencing costs that come with using GP on mobile devices.....

L0 Member

Having the same issue with my Mac users

L1 Bithead

Just to add some more pertinant information: (writing in the hope that someone somewhere might have some divine inspiration to help!)

 

Palo Alto Firewall have an option on their VPN web portal to require a certificate to login and download updates to their GP software client. So you call up the VPNs FQDN URL, your browser should then confirm a secure connection but also it will only allow you fully login if you have the appropriate client certificate installed on your local machine. This is a useful way of confirming that your client certs are correctly installed on your local machine. I decided to try logging in to my vpn web portal from my Iphone and it logs in perfectly which confirms that my certs should be installed correctly, yet the Global Protect VPN app still will not  logon. "A Valid certificate is required for authentication. If the issue persist, contact your administrator".

Also of note: Android phones also stopped working for us a few months back (mainly because of self-signed certificates. We changed over to CA Certs and I have now installed the same certificate chain on multiple android devices and in each case GP works successfully. I have now also installed the VPN on multiple MAC Computers and it works each time so only iPhones seem to have this issue....:-(

  • 1958 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!