05-29-2026 08:23 AM
Hey all,
We ran into this exact issue in our environment and wanted to share what we found in case it saves someone else the headache.
We recently upgraded all our firewalls to PAN-OS 12.1.6 and our macOS Tahoe machines started getting "Network is Unreachable" errors with GlobalProtect. We spun up a lab, downgraded PAN-OS to 11.2.10, and tested across multiple GP versions — worked fine on all of them.
Ended up opening a TAC case, and that's when we found the real culprit: the Mac's hostname had special characters in it (think apostrophes, spaces — the classic "John's MacBook" style names that macOS sets by default). GlobalProtect doesn't play nice with those on macOS after any PanOS 11.2.11 or greater, regardless of which GP version you're on.
First, check if your hostname is the problem.
Open Terminal (Cmd + Space → type "Terminal" → Enter) and run these:
If you see any apostrophes, spaces, or special characters in the output — that's your issue.
Fix it by renaming the hostname (use only letters, numbers, and hyphens — no spaces):
Enter your admin password when prompted (nothing shows on screen while typing, that's normal). Then flush DNS and reboot:
After the reboot GlobalProtect connected right away. No downgrade needed, no config changes on the firewall side.
This is also documented in the Palo Alto KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000kBP4KAM
Hope this helps someone — we burned a few days on this one!
