About vathreya

To give Prisma Access and NGFW customers time to transition to GlobalProtect App 6.0 and later releases, Palo Alto Networks has extended the End-of-Engineering (EOE) and End-of-Life (EOL) dates for the GlobalProtect App 5.2.X releases for Windows and macOS. The EOL and EOE dates are as follows:   Current EoE/EoL 2/28/2023 Confirmed new EOE 8/31/2023  Confirmed new EOL 2/28/2024 Customer Scope All NGFW and Prisma Access customers will get access to the 5.2.X maintenance release builds between current EoE Date (2/28/2023) and proposed EoE Date (8/31/2023 ) Current EoL date will move to the proposed new EOL date (2/28/2024) Security Fixes Between the proposed EOE (8/31/2023) and proposed EOL dates (2/28/2024), only security fixes will be delivered.   Because the new EOE date is 8/31/2023, Prisma Access and NGFW GlobalProtect customers who have deployed 5.2.X are advised to actively evaluate 6.0.X preferred release to transition from 5.2.X.   ... View more

  As of June 15, 2022, IE 11 is getting deprecated by Microsoft Edge . C ustomers are concerned about the use of embedded web-view within GlobalProtect (it relies on IE 11 SDK) well beyond June 15, 2022.   Palo Alto Networks’ GlobalProtect team has tested GlobalProtect’s features that require embedded web-view in 5.1.X, 5.2.X, and 6.0.X release trains.   Customers are advised to review the testing matrix to understand the impact of Microsoft deprecating IE 11 on GlobalProtect’s embedded web-views.     GlobalProtect Version Windows Version Use-Case Results SAML Authentication in User-logon/On-Demand mode SAML Authentication in Connect Before Logon Welcome Page Help Page Link in HIP Notification 5.1.X (5.1.11) Windows 10 Opens in embedded web-view N/A Opens in embedded web-view Opens in user selected default system browser Opens in IE 5.1.X (5.1.11) Windows 11 Home Opens in embedded web-view N/A Opens in embedded web-view Opens in user selected default system browser Opens in Edge 5.2.X (5.2.12) Windows 10 Opens in embedded web-view Opens in embedded web-view Opens in embedded web-view Opens in user selected default system browser Opens in IE 5.2.X (5.2.12) Windows 11 Home Opens in embedded web-view Opens in embedded web-view Opens in embedded web-view Opens in user selected default system browser Opens in Edge 6.0.X Windows 10 Opens in embedded web-view Opens in embedded web-view Opens in user selected system default browser Opens in user selected system default browser Opens in IE 6.0.X Windows 11 Home Opens in embedded web-view Opens in embedded web-view Opens in user selected system default browser Opens in user selected system default browser Opens in Edge     Note: This April 2022 article from Microsoft, "Disable Internet Explorer 11," was used as a referenced.   ... View more

  The certificates and the chain used for GlobalProtect App Log Collection and ADEM are expiring as of June 3, 2022. Please be sure to update the certificates for GlobalProtect App Log Collection and ADEM after April 20, 2022 and before June 3, 2022, when the certificate expires. Read the steps below to renew the certificate used for GlobalProtect App Log Collection and ADEM now.   Steps to renew the certificate used for GlobalProtect App Log Collection and ADEM:   If you are using Panorama to manage Prisma Access and/or NGFW performing the following steps: Click on Panorama -> Cloud Services -> Configuration Under “GlobalProtect App Log Collection and Autonomous DEM” section Click on “Renew Certificate for GlobalProtect App Log Collection and Autonomous DEM” to renew the certificate Once the new certificate is generated, administrator has to push the new certificate under Portal ->  Agent -> Configs -> Client Certificate Once the new certificate is generated, it overwrites the old certificate and the certificate name remains the same i.e. globalprotect_app_log_cert . The new certificate will be pushed to the GlobalProtect app upon portal configuration refresh either manually by the end user or at default portal configuration refresh interval, which is 24 hours by default unless changed by the admin. First time ADEM endpoint deployments will be able to successfully register to ADEM service only if they upgrade to the new version of GP 5.2.11 . Existing ADEM endpoints already connected to ADEM Cloud Service will be auto-upgraded with latest ADEM endpoint version and need not migrate to GlobalProtect 5.2.11  If you are using Cloud Managed Prisma Access performing the following steps: Navigate to Configuration -> Objects -> Certificate Management -> Shared -> GP_Log_Certificate Administrators have to manually update the certificate by performing the below steps: Once the new certificate is generated, administrator has to push the new changes by clicking on Push Config -> Push -> Mobile Users - GlobalProtect and select “Push” The new certificate will be pushed to the GlobalProtect app upon portal configuration refresh either manually by the end user or at default portal configuration refresh interval, which is 24 hours by default unless changed by the admin. First time ADEM endpoint deployments will be able to successfully register to ADEM service only if they upgrade to the new version of GP 5.2.11 . Existing ADEM endpoints already connected to ADEM Cloud Service will be auto-upgraded with latest ADEM endpoint version and need not migrate to GlobalProtect 5.2.11  Note: Customers are advised to renew the certificate only after April 20 2022 and before June 3 2022 when the certificate expires. If certificate renewal is performed before April 20 2022 then you will still get the old certificate which is due to expire on June 3 2022. ... View more