This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Problems connecting to Globalprotect after users install latest windows Cumulative updates

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Problems connecting to Globalprotect after users install latest windows Cumulative updates

jclements
L1 Bithead

‎10-12-2022 10:42 AM

There seems to be a bit of an issue connecting to Globalprotect after our windows machines have the latest microsoft cumulative updates, KB5018410 (windows 10) and KB5018418 (windows 11).

Looking in reddit it looks like other users are seeing the same problem as well, anyone got any ideas on how to fix this going forward? The only way we've been able to get users to connect is by uninstalling the latest update.

I've raised a call with our partner support but havent got anything back yet.

 

thanks

22 people had this problem.
53 REPLIES 53

mlinsemier
L4 Transporter

‎10-13-2022 10:32 AM - edited ‎10-13-2022 10:34 AM

This issues seems to specifically happen with SSO Authentication such SAML integration.  We are running clients 5.2.12 and 6.1 and both have the issue that pop up the SSO page.  In my lab clients that are using LDAP or Kerberos Authentication don't seem to be experiencing the issues.  Reverting the patch fixes the issue for us.

 

I'm testing changing what browser does authentication to system default (chrome) to see if this makes a difference.  I'm not sure that I can get an updated config file from the portal as I'm not sure if this is downloaded before or after authentication.

mdua
L0 Member
In response to spatel

‎10-13-2022 10:32 AM

3rd option worked for my customer.

0 Likes Likes

TedMay
L1 Bithead
In response to mlinsemier

‎10-13-2022 10:35 AM

Interesting. This might be related to a change Microsoft made to the default browser and Edge. I found out the hard way awhile ago if you completely remove/disable Edge from a system it completely breaks GP. GP relies on Edge for portal/SAML/Auth. It is irrelevant to what the default browser is set to.

For certain you have to be lost to find a place that can't be found. Elseways, everyone would know where it was.
0 Likes Likes

BSwientoniowski
L1 Bithead

‎10-13-2022 10:53 AM

There's some discussion on Reddit about having TLS 1.2 as the minimum in the SSL/TLS profile for your gateway and portal.  Can anyone who's having the problem confirm the min. TLS version in their setups?

LFura
L1 Bithead

‎10-13-2022 10:56 AM

So our users are starting to experience this issue also. We were running a much older 4.1.6-12 GP Client on Windows x64.  But even after upgrading the GP Client to 6.10.0 we still have the same connection issues.  If we remove the KB5018410 from the client computer they can connect just fine. I do think it has to do with the Global Protect authentication.  We use LDAP (active-directory) to authenticate our Global Protect users and are having issues.  However, I can connect to some of my clients who are using Palo Alto with Global Protect and it will connect just fine even with the KB5018410 installed, however they just use local users configured on the firewall for Global Protect authentication.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks