GP 6.0.6 - Cookie expired only from mobile phone

Showing results for 
Show  only  | Search instead for 
Did you mean: 

GP 6.0.6 - Cookie expired only from mobile phone

L2 Linker


we have PA-850 and we deployed GP 6.0.7 for desktops and 6.0.6 version for mobile phones.

The authentication is based on SAML via Azure and every connection from desktops works flawlessly.

Recently we started receiving complaints from users that the VPN stopped working on phones, they received an XML saying Access Denied (attached).

Looking at logs I found a Cookie Expiration and the quick solution was to clean the history of the mobile browser. then, the error disappeared and SAML authentication happened as usual. 
It seems like the GP client on a desktop can go for SAML authentication whenever it receives a cookie expiration message. 

Is there a way to configure the mobile client to do the same? is it a bug? any setting I can configure at Paloalto level? 
one option would be to disable the cookie authentication but that would be my last choice.... 😕



  • 0 replies
  • 47 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!