10-12-2022 10:42 AM
There seems to be a bit of an issue connecting to Globalprotect after our windows machines have the latest microsoft cumulative updates, KB5018410 (windows 10) and KB5018418 (windows 11).
Looking in reddit it looks like other users are seeing the same problem as well, anyone got any ideas on how to fix this going forward? The only way we've been able to get users to connect is by uninstalling the latest update.
I've raised a call with our partner support but havent got anything back yet.
10-13-2022 10:32 AM - edited 10-13-2022 10:34 AM
This issues seems to specifically happen with SSO Authentication such SAML integration. We are running clients 5.2.12 and 6.1 and both have the issue that pop up the SSO page. In my lab clients that are using LDAP or Kerberos Authentication don't seem to be experiencing the issues. Reverting the patch fixes the issue for us.
I'm testing changing what browser does authentication to system default (chrome) to see if this makes a difference. I'm not sure that I can get an updated config file from the portal as I'm not sure if this is downloaded before or after authentication.
10-13-2022 10:32 AM
3rd option worked for my customer.
10-13-2022 10:35 AM
Interesting. This might be related to a change Microsoft made to the default browser and Edge. I found out the hard way awhile ago if you completely remove/disable Edge from a system it completely breaks GP. GP relies on Edge for portal/SAML/Auth. It is irrelevant to what the default browser is set to.
10-13-2022 10:53 AM
There's some discussion on Reddit about having TLS 1.2 as the minimum in the SSL/TLS profile for your gateway and portal. Can anyone who's having the problem confirm the min. TLS version in their setups?
10-13-2022 10:56 AM
So our users are starting to experience this issue also. We were running a much older 4.1.6-12 GP Client on Windows x64. But even after upgrading the GP Client to 6.10.0 we still have the same connection issues. If we remove the KB5018410 from the client computer they can connect just fine. I do think it has to do with the Global Protect authentication. We use LDAP (active-directory) to authenticate our Global Protect users and are having issues. However, I can connect to some of my clients who are using Palo Alto with Global Protect and it will connect just fine even with the KB5018410 installed, however they just use local users configured on the firewall for Global Protect authentication.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!