This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About PeterKeller
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About PeterKeller
05-30-2023
2Posts
2Likes
0Solutions
May 30, 2023Last Visited
User
Activity
User
Profile
Latest posts by PeterKeller
| Subject | Views | Posted |
|---|---|---|
| 418 | 05-29-2023 10:57 PM | |
| 522 | 05-16-2023 02:00 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 2 Likes | 05-29-2023 10:57 PM |
User Badges
Community Statistics
| Member Since | 05-12-2023 05:16 AM |
| Date Last Visited | 05-30-2023 02:18 AM |
| Posts | 2 |
| Total Likes Received | 2 |
05-29-2023
10:57 PM
2 Kudos
Hey community,
we have solved this case together with PA Engineers.
For those who are fighting with the same issues here the problem analysis and solution.
Problem:
- Starting the iPhone and as long as it belongs in the "locked mode" WiFi is disabled and it has no access to user certificates (this setting has changed with iOS15).
- Mobile Data can already be used for certain processes, so the Global Protect also loads its profile and gets the information to authenticate the user for VPN using the OS Rule iOS with the option "SAML or certificate". And this is the problem, no access to user certificate and it is trying to authenticate with SAML what is not proper possible with the iPhones. So it keeps trying this and run in a timeout.
Solution:
Delete all iOS and any OS user authentication rules and then there is a fallback rule which is only using certificate.
And here we go, couple of seconds after you unlock your iPhone VPN is connected.
Something you have to know.
Here is what the Engineer wrote:
Update from PA : Below are the steps which can be followed: 1) In the GlobalProtect User Authentication settings, ensure there are entries for each OS that is in your client base with the appropriate authentication. 2) Delete any entry with OS as ANY or iOS. 3) Push the changes to Prisma. 4) Manually open the GP client and connect to GP. 5) Test the GP connectivity on the iOS by rebooting it (both Wifi and Mobile Data). 5) Revert the changes back to the way it was after the test.
Hope this can help some others too.
Can be closed.
Thanks
Peter
... View more
05-16-2023
02:00 AM
Hey community,
we are currently trying to enroll iOS Devices with an always-on VPN Connection and authenticated by client certificate.
A lot people turn their iPhone over night off and start it at the morning, while the iPhone is still locked WiFi is not enabled and I guess the client certificates too. So mobile data is active which is trying to connect to Palo Alto and build the VPN but it cannot reach the certificate. Sometimes if you unlock it immidiately it works and the VPN is established.
Has anyone a similar scenario? We are using Mobile Iron for MDM and Prisma Access and want to tunnel the whole traffic.
Thanks so far.
Greetings
Peter
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-30-2023
02:18 AM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks