About vathreya

Hi,   Try refreshing the connection and ensure you are connected to the right firewall. If yes, then you should the Upgrade Notification if admin such a setting in portal config (upgrade with prompt vs transparent).     ... View more

Hi,   Please select Inspect and check the network logs and log a support request at https://support.paloaltonetworks.com/     Regards, Varun ... View more

Hi ServiceTeam,     Please log a support ticket with all the required details. It is not entirely clear what issue you're facing: https://support.paloaltonetworks.com/     Regards, Varun ... View more

Hi,   Did you ensure that  serial number attribute in the subject of the client certificate matches the  host ID  that the GlobalProtect app reports for the endpoint?   https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/certificate-management/configure-a-certificate-profile   Regards, VRA   . ... View more

Hi,   Does this happen on every browser? Can you try clearing cache and going through the same steps once again?    Regards, Varun ... View more

Does this help?    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJRCA0   It displays a welcome page when portal login is successful. Also, can you specify what you're trying to communicate to your end-users in this welcome page/banner?   Regards, Varun ... View more

Logout is always best effort.   Client tries to send the log out event but it may not reach the server due to network changes etc. Client will tear down the tunnel but the gateway may not know. It is then torn down on the timeout specified on the firewall. ... View more

Hi snimshad,   Were you able to consistently replicate the logout event registering only for SSL and not for IPSEC?   Regards, Varun ... View more

Hi,   Pre-logon tunnel setup is currently not supported on linux.   Regards, varun ... View more

Hi,   I believe it is best to open a TAC case to further investigate the logs and determine next steps.    Regards, Varun ... View more

That's not currently supported. ... View more

Hi Inclusa-Admin,   Can you check this reddit post and see if the issue is similar? https://www.reddit.com/r/paloaltonetworks/comments/702d6n/question_err_ssl_protocol_error_globalprotect/     If not, please open a TAC case ... View more

Hi Quay,   I still don't quite follow what you're saying:      I have logged in global protect with ldap authentication, let's say its "domain\user1". i want to access file sharing network and it's required domain authentication, i authenticated using "domain\administrator". Oddly, my connection is suddenly dropped. i checked on monitoring traffic log, queried by my 'source ip' and it showed that my log traffic changing from "domain\user1" to "domain\administrator" and its affected to change my initial authenticated login global protect with accessing other network. For example, previously (source user "domain\user1" global protect source-ip 172.10.1.63 destination-ip 10.10.1.100) after i authenticated my domain account to access the file server the traffic change to (source user "domain\administrator" global protect source-ip 172.10.1.63 destination-ip 10.10.1.100) it caused the connection dropped because the user is not listed or allowed in the policy.     You also say you're logged into  both machine and filesharing using domain\administrator. and then its changing source user to all network.    Did you initially log in as domain\user 1 onto the machine, and then switched user to domain\administrator?     Regards, Varun ... View more

Hi Inclusa-Admin,   Can you collect client logs when this happens next and post a snippet (for the exact time stamp) in comments? Can you also let me know since when is this behaviour occurring?    Regards, Varun ... View more

Hi Quay,   Did you log onto the machine using domain\user1 and then logged into File sharing network as domain\administrator or did you log onto machine using domain\administrator account later on? Please clarify. ... View more

Hi,   I don't quite follow your question. Can you please elaborate? ... View more

Hi Grenzi,   What's the use-case you're trying to solve for?   regards, Varun   ... View more

Hi John,   Can you check if you've already activated your license? Please go through this link: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/activate-licenses-and-subscriptions.html   Regards, Varun ... View more

Hi JohnQuile,   Can you specify the use-case? I'm not sure I follow your question.   Regards, Varun ... View more

HI,   I don't completely understand your question. Could you please provide some background?   Regards, Varun ... View more

Hi hmcadmin,   Android does not support exclude access route split tunneling.   Regards, Varun ... View more

HI Jesse,   No, we do not support SSO in that case. ... View more

Hi Jesse,   Some clarification here: Have you setup the clientless VPN portal and VMWare Horizon as two different Service Provider Applications on the same IdP? Which means users have to log into the clientless vpn portal using sso creds once and again to VMware horizon app. We currently do not support SSO functionality.   Regards, Varun ... View more

Hi Jake,   Please go through this document to troubleshoot split tunnel (domain) and exclude video traffic. Hope this helps 🙂   Regards, Varun ... View more

Hi Jake,   Is there any reason why you're still running 4.1.x? Take a look here to check out EOL summary: https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary   Once you've excluded that video traffic and excluded domain traffic, it will be routed using physical adapter and not via GP adapter.   Regards, Varun ... View more

You can also reduce the frequency in which users are prompted for OTPs by configuring an authentication override. This enables the portals and gateways to generate and accept a secure encrypted cookie to authenticate the user for a specified amount of time. The portals and/or gateways do not require a new OTP until the cookie expires, thus reducing the number of times users must provide an OTP. ... View more

Are you also running any scripts upon restarting your computer?    Can you share PanGPS truncated logs?  ... View more

@jdelio,   Can we also provide a link to live discussions / answers that you have called out for some of the questions? Yes, it might have been answered before, but to a reader is there a livecommunity link to the discussion, it'd be would be helpful.   ... View more

We also a new GP Space and would encourage you to post there moving forward 🙂   https://live.paloaltonetworks.com/t5/GlobalProtect/ct-p/GlobalProtect     Regards, Varun ... View more