Addressed Issues in GlobalProtect App 5.2

Addressed Issues in GlobalProtect App 5.2

Table of Contents

Addressed Issues in GlobalProtect App 5.2

See the list of addressed issues in GlobalProtect app 5.2 for Android, iOS, Chrome, Windows, Windows 10 UWP, and macOS.
The following topic describes the issues addressed in GlobalProtect app 5.2 for Android, iOS, Chrome, Windows, Windows 10 UWP, macOS, and Linux.
  • GlobalProtect App 5.2.13-c418 Addressed Issues
  • GlobalProtect App 5.2.13 Addressed Issues
  • GlobalProtect App 5.2.12 Addressed Issues
  • GlobalProtect App 5.2.12 Addressed Issues (iOS only)
  • GlobalProtect App 5.2.11 Addressed Issues
  • GlobalProtect App 5.2.10 Addressed Issues
  • GlobalProtect App 5.2.9 Addressed Issues
  • GlobalProtect App 5.2.8 Addressed Issues
  • GlobalProtect App 5.2.8 Addressed Issues (iOS only)
  • GlobalProtect App 5.2.7 Addressed Issues
  • GlobalProtect App 5.2.7 Addressed Issues (iOS only)
  • GlobalProtect App 5.2.6 Addressed Issues
  • GlobalProtect App 5.2.6 Addressed Issues (iOS only)
  • GlobalProtect App 5.2.5 Addressed Issues
  • GlobalProtect App 5.2.5 Addressed Issues (iOS only)
  • GlobalProtect App 5.2.4 Addressed Issues
  • GlobalProtect App 5.2.4 Addressed Issues (iOS only)
  • GlobalProtect App 5.2.3 Addressed Issues
  • GlobalProtect App 5.2.2 Addressed Issues
  • GlobalProtect App 5.2.1 Addressed Issues

GlobalProtect App 5.2.13-c418 Addressed Issues

This release contains security-related fixes.

GlobalProtect App 5.2.13 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.13 for macOS and Windows.
Issue ID
Fixed an issue where the GlobalProtect HIP check incorrectly detected Definition Version for Cortex XDR, which caused the device to fail the HIP check.
Fixed an issue where Connect Before Logon would unexpectedly fall back to username and password authentication after a failed SAML authentication attempt to the gateway.
Fixed an issue where connect before logon would get stuck at Connecting if on an internal network with internal gateways.
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, the GlobalProtect cookie stopped working when CIS Benchmark 5.1.1 (Center for Internet Security) was applied for mac OS 12 Monterey to safeguard internet services.
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS with split tunnel based on domain, the split tunnel did not work as expected after the system woke up from sleep mode.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check took longer than expected to collect the HIP information and also displayed HIP pop-up error messages for antivirus software, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was configured with split tunnel to exclude traffic, users could not access the excluded Airtel 4G PPP dongle application since the Airtel PPP default traffic route was removed.
Fixed an issue where the GlobalProtect app failed to detect Cisco Secure Endpoint anti-malware software installed on the device.
Fixed an issue where the GlobalProtect app connection failed when Windows 10 21H2 users tried to switch to another Windows user account on the device.
Fixed an issue where the GlobalProtect app was installed on devices running macOS, the GlobalProtect HIP check failed to detect the Real time protection status for Symantec Endpoint Protection.
Fixed an issue where GlobalProtect HIP check did not detect the name of the Trellix Agent correctly which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, the app did not display 'Authentication Failed' when the user entered an incorrect RSA SecureID.
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, users were prompted for certificate selection even when the Extended Key Usage OID for Client Certificatewas configured in the App Configurations area of the GlobalProtect portal configuration.
Fixed an issue where the GlobalProtect HIP check did not detect the Real-Time Protection status correctly for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed and connected on devices, the HIP check process was delayed and the tunnel was disconnected after 2 hours.
Fixed an issue where the GlobalProtect app did not detect real-time protection status for Sophos Endpoint Protection, which caused the device to fail the HIP check.
Fixed an issue where the split tunnel feature did not work as expected on devices running macOS Monterey 12.X and Chrome Browser 104.0.5112.79
Fixed an issue where the GlobalProtect HIP check did not detect the McAfee antivirus software, causing the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, and when the user executed the command to disable the app, a new line break was added after the timestamp value in the command which caused parsing issues and created incorrect GlobalProtect log messages.
Fixed an issue where when the GlobalProtect app was deployed for pre-logon and when users tried to change their Windows password, users were prompted to enter only a new password. The app did not prompt users to enter their old password while changing the password.
Fixed an issue where the GlobalProtect app was connected to a different gateway and not the preferred gateway when the device woke up from sleep mode. The users had to select the preferred gateway manually to connect to the GlobalProtect app.
Fixed an issue where the GlobalProtect HIP check failed to detect the Real time protection status for Sophos Endpoint Protection.
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS and the app did not start right away after a system reboot.
Fixed an issue where the GlobalProtect HIP check failed to detect the Definition Version for Sophos Endpoint Protection, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect app got disconnected after 3 hours.
Fixed an issue where users were unable to connect to the GlobalProtect app when users restarted the device from the hibernation mode.
Fixed an issue where the GlobalProtect HIP check did not detect the correct Anti-Malware information for the Last Full Scan Time for Sophos Endpoint Protection, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check did not detect the Real-Time Protection status for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect app was installed on iOS devices and the GlobalProtect app failed to collect HIP data and the Host Information tab on the device failed to display information.
For the app to display the HIP information, user must update or remove expired certificates from the system.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and when the user tried to start the GlobalProtect app using Windows Start menu, the Windows Installer (Msiexec) did not work as expected due to which the app was getting reinstalled on the device.
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS and when the GlobalProtect gateway was configured to exclude routes, the excluded routes were removed from the original routing table when users disconnected the app.
Fixed an issue where the GlobalProtect HIP check detected incorrect Anti-Malware information for Definition Date for Sophos Endpoint Protection.
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS and GlobalProtect enforcer was configured with allowed FQDNs, users were still able to access the internet and other public domains.
Fixed an issue where the GlobalProtect HIP check detected the device as Windows firewall enabled even though the firewall was disabled on the device.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude application traffic for Zoom, excluded Zoom traffic was still forwarded through the tunnel.
Fixed an issue where the HIP check process stopped running and the tunnel was disconnected after 3 hours.
Fixed an issue where the GlobalProtect app did not save the username after Kerberos SSO authentication following which the app could not use the GlobalProtect cached portal configuration. Users had to manually add the username to the Windows registry.
Fixed an issue where the GlobalProtect app got disconnected due to an incorrect HIP check after the system woke up from sleep mode or when the system was restarted.
Fixed an issue where, when the GlobalProtect app was installed on Windows 11, version 22 H2 devices, the HIP information for patch management was not collected and the Patch Management section of the Host Profile tab failed to display the HIP details.
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for Sophos Endpoint Protection and Microsoft Monitoring Agent, which caused the device to fail the HIP check.
Fixed an issue where the users were not prompted for Multi-Factor Authentication (MFA) even after entering their credentials using IdP (Identity Providers).
Fixed an issue where the GlobalProtect app stopped working abruptly.
Fixed an issue where the HIP check process stopped running and the tunnel was disconnected after 3 hours.
Fixed an intermittent issue where the users were unable to connect to the GlobalProtect app, when the app used cached portal configuration.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and No direct access to local network option was enabled with access routes excluded from the GlobalProtect VPN tunnel, the excluded traffic was not sent through the physical adapter on the endpoint. Following this, users were unable to access the local physical network devices such as printers.
Fixed an issue where the HIP check did not detect the Sentinel One RTP and definition date properly, which caused the HIP check to fail.
Fixed an issue where, when split tunnel was configured on the GlobalProtect app to exclude destination domain traffic that included a slash character (/) for sub-page domain names, the slash character (/) was not displayed in the sub-page domain names in the exception list.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the SAML login page to authenticate Network Discovery was not properly displayed.

GlobalProtect App 5.2.12 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.12 for macOS and Windows.
Issue ID
Fixed an issue where the GlobalProtect app failed to connect when the embedded browser was closed after Okta authentication.
Fixed an issue where, when the No Direct Access to local network option was enabled on GlobalProtect gateway, the GlobalProtect users’ loopback interface network was masked causing connection failure.
Fixed an issue where, when the Allow GlobalProtect UI to Persist for User Input was enabled and the machine was restarted, the GlobalProtect app did not show up on the screen. The browser directly opened the SAML login page and the app worked only in the background after successful authentication.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the language was set to Japanese, the password field for disabling the app was not properly displayed.
A fix was made to address an OpenSSL infinite loop vulnerability in GlobalProtect app software (CVE-2022-0778).
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the connection became unstable when the user clicked the Click here or Retry button on the default browser page for SAML authentication.
Fixed an issue where the GlobalProtect HIP check did not detect the Last Scan Date for Cortex XDR, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect app prompted users to re-enter the gateway login credentials even though the save-user credentials was configured.
Fixed an issue where the GlobalProtect app displayed the incorrect copyright year on the app.
Fixed an issue where GlobalProtect users were unable to connect using Connect Before Logon because the app got stuck during the SAML authentication stage.
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect logs displayed password information when the password contained the (<) character.The password characters succeeding the (<) character were displayed in the logs.
Fixed an issue where the GlobalProtect app connection failed after the app was upgraded to Windows 10 21H2.
Fixed an issue where the GlobalProtect app could not connect to the Prisma Access gateway when a FQDN was used instead of an IP address in the Proxy Auto-Configuration (PAC) file.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the device displayed a blue screen when users tried to connect to the GlobalProtect app.
Fixed an issue where the GlobalProtect app got disconnected after HIP check.
Fixed an issue where the HIP check did not detect the Sentinel One RTP and definition date properly, which caused the HIP check to fail.
Fixed an issue where, after connecting to GlobalProtect using Connect Before Logon (CBL) with SAML authentication, the GlobalProtect app kept opening and closing after the user logged in.
Fixed an issue where GlobalProtect app users were prompted to re-enter the password when the connection was refreshed.This issue occurred only when the password contained non-English characters.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP report displayed encryption status even when the encryption feature was disabled.
Fixed an issue where the Azure IDP page was not displayed properly when Connect Before Logon was used.
Fixed an issue where multiple spelling and translation errors were observed in the GlobalProtect app for French localization.
Fixed an issue where, during a transparent upgrade of the GlobalProtect app, if the system rebooted or woke up from hibernation, the upgrade failed due to competing resources between the system reboot and transparent upgrade. The previous version of the GlobalProtect app was completely uninstalled.

GlobalProtect App 5.2.12 Addressed Issues (iOS only)

There were no addressed issues in GlobalProtect app 5.2.12 for iOS.

GlobalProtect App 5.2.11 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.11 for macOS, Windows, and Android
Issue ID
Fixed an issue where the users were unable to connect applications such as TESSY to a local database when GlobalProtect was connected.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect app tried to restore the gateway connection even when the device was on Modern Standby mode. The users were prompted to authenticate using multi-factor authentication (MFA) authentication.
Fixed an issue where, when Connect Before Logon using Security Assertion Markup Language (SAML) authentication was used to login to the endpoint, the users could not authenticate as the authentication process stopped when redirected to the organization’s sign-in page.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the Autonomous Digital Experience Management (ADEM) was not enabled in the app, the agent took more time than expected to establish a connection.
Fixed an issue where the GlobalProtect IPV6 static route for the gateway was getting removed shortly after establishing the connection causing unexpected GlobalProtect disconnections.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect credentials that were saved earlier were lost when the user faced network connectivity issues and the users had to re-enter the credentials.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and No direct access to local network option was enabled with access routes excluded from the GlobalProtect VPN tunnel, the excluded traffic was not sent through the physical adapter on the endpoint. Following this, the users were unable to access the local physical network devices such as printers.
Fixed an issue where the GlobalProtect agent (PanGPA) stopped running when Client Certificate authentication along with SAML authentication method was used to authenticate users. This issue resulted in GlobalProtect connection failures.
Fixed an issue where, when the user entered their credentials in the Connect Before Logon SAML authentication page, a blank screen was displayed instead of prompting the users to authenticate using a Two-Factor Authentication (2FA) authentication method as expected.
Fixed an issue where the GlobalProtect HIP check did not detect patch management properly, which caused the device to fail the HIP check.
Fixed an issue where, when pre-logon was configured for the GlobalProtect app, the users were still prompted to authenticate using multi-factor authentication (MFA) during the GlobalProtect gateway pre-logon stage.
Fixed an issue where, when the GlobalProtect app was installed on devices running on macOS High Sierra and split tunnel was configured to exclude application traffic such as Microsoft Teams and Zoom, some excluded traffic was still being forwarded through the tunnel.
Fixed an issue where, when the GlobalProtect app was deployed for pre-logon, the GlobalProtect Enforcer remained enabled even after the app was disabled.
Fixed an issue where the GlobalProtect HIP check did not detect HCL BigFix version 10.0.3, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for Windows Defender and McAfee Anti-Malware Detection, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check did not detect HCL BigFix version 10.0.3, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect app did not detect real-time protection and the correct definition date and definition version for Microsoft Defender Advanced Threat Protection (ATP), which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app failed to reconnect and continued to stay in the connecting state even after restarting the device.
Fixed an issue where, when the GlobalProtect app was configured to use the end user’s default system browser for SAML authentication, the app displayed the following warning message while enrolling with PingID.
Assignment to read-only properties is not allowed in strict mode.
Fixed an issue where, when Connect Before Logon using Security Assertion Markup Language (SAML) authentication was used to log in to the endpoint, users were unable to complete the authentication process as the SAML login page got stuck after they entered their credentials.
Fixed an issue where the GlobalProtect HIP check did not detect HCL BigFix version, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect was configured with split tunnel to include traffic based on the destination domain by overriding the DNS server manually, the DNS queries were still being sent to the DHCP configured server.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude or include any application traffic that relied on the loopback connection source IP address, the split tunnel configuration based on the application did not work.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, a pop-up message Connected - You are securely connected to the corporate network was displayed and the message continued to stay on the screen even though the users tried to close it.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices with No direct access to local network option enabled on the gateway and split tunnel feature configured to exclude specific access routes, traffic for those access routes continued to go through the VPN tunnel.
Fixed an issue where the TCP Option lookup for IP fragmented TCP packets caused the endpoint to lose access to internal resources.
Fixed an issue where, when split tunnel was configured on the GlobalProtect app to exclude destination domain traffic that included a slash character (/) for sub-page domain names, the slash character (/) was not displayed in the sub-page domain names in the exception list.
Fixed an issue where the GlobalProtect HIP check did not detect the Trend Micro Apex One Endpoint Security, which caused the device to fail the HIP check.
Fixed an issue where, when the IPv6 Sinkhole feature was enabled to block the GlobalProtect app from accessing the local network devices using IPv6 address, the GlobalProtect gateway still allowed the GlobalProtect app to send IPV6 traffic to local network devices instead of blocking them.
Fixed an issue where GlobalProtect HIP check incorrectly detected the encryption stage for Trend Micro Full Disk Encryption as ‘Unknown’.
Fixed an issue where, when the GlobalProtect portal was set to authenticate users through Security Assertion Markup Language (SAML) authentication, the users were prompted to re-enter their credentials whenever they tried to connect to the GlobalProtect app even when the Authentication override cookie was enabled.
Fixed an issue where, when the GlobalProtect service (PanGPS) stopped running unexpectedly causing IP address-to-username mapping issues on the firewall. Users were unable to create user-based access policies due to the issue.
Fixed an issue where the GlobalProtect HIP check did not detect the real-time protection for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
Fixed an issue where, when split tunnel was configured on the GlobalProtect gateway to include routes, the traffic which was not included was also sent over the VPN tunnel intermittently.
Fixed an issue where DNS queries for excluded domains were sent out on both the GlobalProtect app virtual adapter and the device's physical adapter with the Split-Tunnel Option set to Both Network Traffic and DNS in the App Configurations area of the GlobalProtect portal configuration.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the correct definition version and definition date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect tunnel could not send traffic after the system woke up from sleep mode.
Fixed an issue where the hamburger menu icon on the GlobalProtect app was not highlighted when the users selected the menu using the tab key on the keyboard. Users were unable to identify the difference whether they were using the menu or not since the highlight was not visible to them due to the issue.
Fixed an issue where, when a device connected to GlobalProtect would establish an Remote Desktop Protocol (RDP) connection to another device connected to GlobalProtect, the RDP connection would time out and disconnect.

GlobalProtect App 5.2.10 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.10 for macOS, Windows, and Android.
Issue ID
Fixed an issue where the GlobalProtect HIP report displayed incorrect OS version Windows 10 instead of the correct version Windows 11.
Fixed an issue where GlobalProtect users were prompted to install the Rosetta 2 compatibility package along with the GlobalProtect app on ARM64-based MacBook devices running macOS M1. The system prompted for Rosetta 2 installation despite the GlobalProtect app having native support for the M1 processor (ARM64, Apple silicon).
Fixed an issue where the Check for Updates option in the GlobalProtect app failed to display the recent GlobalProtect version updates. The users had to refresh the GlobalProtect connection to get the latest version updates.
Fixed an issue where, when the GlobalProtect portal was set to authenticate users through Security Assertion Markup Language (SAML) authentication, the users were prompted to re-enter their credentials whenever they tried to connect to the GlobalProtect app even when Authentication override cookie was enabled.
Fixed an issue where, when the GlobalProtect app was installed on Android devices, the app failed to reconnect and continued to stay in the connecting state. Users had to close and launch the GlobalProtect app again to establish the connection.

GlobalProtect App 5.2.9 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.9 for iOS, macOS, and Windows.
Issue ID
Fixed an issue where the GlobalProtect HIP check did not detect the correct status for Sophos Endpoint Protection, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect app continued to stay in the connecting state when users tried to log in to the gateway by entering their usernames without providing a password. Users were not prompted to re-enter credentials on authentication failure.
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Bitdefender Endpoint Security for macOS, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check did not correctly detect the Anti-Malware information for McAfee Endpoint Security on devices running macOS, which caused the devices to fail the HIP check.
Fixed an issue where macOS devices were able to bypass the GlobalProtect tunnel using the physical adapter even when No direct access to local network was enabled.
Fixed an issue where the Apple MacBook Pro failed to reconnect to the GlobalProtect app after hibernation.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Patch Management software for the Jamf Pro application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app could not send the Kerberos SSO support properly during the pre-login stage.This issue resulted in two authentication prompts when devices were connected to a corporate network.
Fixed an issue where the GlobalProtect app failed to fetch the configuration from the portal during the automatic configuration refresh.
Fixed an issue where when SAML was used with the default browser for authentication, GlobalProtect could not establish a tunnel to the gateway with a cached portal configuration.
Fixed an issue where DNS queries for excluded domains were sent out on both the GlobalProtect app virtual adapter and the device’s physical adapter with the Split-Tunnel Option set to Both Network Traffic and DNS in the App Configurations area of the GlobalProtect portal configuration.
Fixed an issue where the GlobalProtect app for macOS allowed users to enter extra spaces after the portal IP address or FQDN, causing the connection to fail.
Fixed an issue where the GlobalProtect app did not launch the SAML login page correctly to complete the authentication sequence.
Fixed an issue where the GlobalProtect app did not detect real-time protection and the correct definition date for Microsoft Defender Advanced Threat Protection (ATP), causing the HIP check to fail.
Fixed an issue where the GlobalProtect app displayed the wrong version when fetched from Workspace One.
Fixed an issue where, when the GlobalProtect HIP check did not detect the Anti-Malware information for Malware Definition Date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version and Malware Definition Date for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect user was unable to sign in to the portal by pressing the ‘Enter’ key after entering the credentials on the GlobalProtect embedded browser.
Fixed an issue where the DNS UDP checksum was incorrectly calculated, causing latency in the GlobalProtect connection.
Fixed an issue where multiple spelling and translation errors were observed in the GlobalProtect app for French localization.
Fixed an issue where the GlobalProtect HIP check did not detect the correct details for Symantec Endpoint Protection on Windows endpoints, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on ARM-based MacBook devices running macOS M1, the GlobalProtect app was unable to detect HIP information for Anti-Malware, Disk Backup, Disk Encryption, Firewall, and Patch Management.
Fixed an issue where, if GlobalProtect was configured for domain-based split tunneling and the domain name resolved to the loopback address (, the GlobalProtect app would disconnect on devices running macOS 11.5 or later.
Fixed an issue where the GlobalProtect app for macOS was unable to detect Jamf version 10.31.0 in the HIP check, causing the endpoints to fail the HIP check.
Fixed an issue where the GlobalProtect app did not start right away after a computer reboot.
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect HIP report displayed encryption status as unencrypted even when encryption was complete.
Fixed an issue that caused the GlobalProtect app to restart when using the MacBook keyboard to navigate through the GlobalProtect GUI.
Fixed an issue where the GlobalProtect login screen displayed an incorrect Spanish translation.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the firewall state of McAfee Endpoint Security v10.7.0.1961.
Fixed an issue where the GlobalProtect users on macOS 11 Big Sur were unable to use the Spotify application properly, when application-based split tunneling was configured on the gateway and Spotify was excluded from the VPN tunnel.
Fixed an issue where the GlobalProtect HIP check did not correctly detect the McAfee DLP information on Windows 10 devices, which caused the devices to fail the HIP check.
Fixed an issue where DNS resolution to internal host detection got delayed because of mDNS.
Fixed an issue where GlobalProtect authentication failed when the SAML username contained special characters.
Fixed an issue where the GlobalProtect HIP check did not detect the correct details for Cortex XDR, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check did not detect the details for Forcepoint Data Loss Prevention (DLP) and FireEye Advanced Malware, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Sentinel Agent, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP report displayed erroneous warning messages, such as whole disk encryption failed, after an upgrade.
Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app consumed a large amount of storage space under Documents & Data.
Fixed an issue where the GlobalProtect app took a long time to connect when the internal host detection DNS query failed.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect information for Signature Version and Last Updated for the Carbon Black Cloud application, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect app GUI would disappear to the system tray or menu bar during authentication prompts thereby preventing the users from entering their credentials.
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish a connection for the second user using Security Assertion Markup Language (SAML) authentication when cookie authentication was configured on the portal.
Fixed an issue where the upgrade to a newer version of GlobalProtect app failed if the Allow User to Uninstall GlobalProtect App (Windows Only) was set to Disallow or Allow with Password.
Fixed an issue where, when the GlobalProtect app was installed on iOS devices and configured in Always-On mode, the app was unable to send the HIP report to the firewall after the device was turned off and turned on in locked mode. When the device was turned on in locked mode, users connected to the app in Always-On mode but GlobalProtect failed to send the HIP report to the firewall.
Fixed an issue where the remote desktop connection via GlobalProtect tunnel got disconnected at times.

GlobalProtect App 5.2.8 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.8 for Windows, macOS, and Windows 10 UWP.
Issue ID
Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows (32-bit) devices and the portal was set up to authenticate end users through the default system browser for Security Assertion Markup Language (SAML) authentication, the default system browser for SAML authentication did not work as expected.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
Fixed an issue where, where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version and Malware Definition Date for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the status of Disk Encryption and the presence of Bitlocker Drive Encryption after upgrading to GlobalProtect app 5.2.6, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and configured with On-Demand mode, a new portal authentication including a RADIUS challenge caused the app to hang in Connecting state.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the status of Disk Encryption and the presence of Bitlocker Drive Encryption, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was enabled for FIPS-CC mode, the app failed to connect to the portal because the app attempted to perform an OCSP check for the root CA certificate.
Fixed an issue where, where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version, Malware Definition Date, and Last Full Scan Time for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the General tab of the GlobalProtect Settings panel displayed a spelling error when the system language was French.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app used the tunnel assigned IPv6 address as the source address for the physical interface for the excluded IPv6 traffic. This issue occurred when the physical adapter did not have any IPv6 addresses.
Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was deployed for Pre-logon then On-demand, the pre-logon tunnel took 2-3 minutes to connect to GlobalProtect when switching from disconnecting to connecting states. With this fix, the pre-logon tunnel was able to connect to GlobalProtect without changing connection states.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP process (PanGpHip) completely stopped running after the GlobalProtect service (PanGPS) crashed.
Fixed an issue where, where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Date and the software version for the 360 security guard and 360 Antivirus, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on non-English Windows devices, the GlobalProtect HIP check did not detect real-time protection for Cisco Advanced Malware Protection for Endpoints, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and another application with system extensions were installed, issues with web-browsing and network activity were observed.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the correct definition date for Kaspersky Endpoint Security, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and deployed for Pre-logon then On-demand with user initiated Pre-logon enabled, Start GlobalProtect Connection was displayed at the Windows login page when the system was locked. This option should be displayed only during a system restart or when users logged out from the device.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the user was unable to save the gateway as the Preferred Gateway because this setting was removed from the Windows registry after a system reboot.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the embedded browser (WKWebView) did not send the client certificate to the SAML identity provider configured with mutual TLS authentication.
Fixed an issue where, where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version and the Malware Definition Date for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
Fixed an issue where when the GlobalProtect app was installed on ARM-based and Intel-based MacBooks, the app continued to stay in connecting state after the device woke up from sleep mode.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel (optimized split tunneling) was configured to exclude any application traffic that relied on the loopback connection source IP address to be, the excluded application did not work as expected.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the blue screen was displayed on the device after users logged in and connected to the app.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and exclusions for destination domain traffic were not enforced, the app did not open the browser for SAML authentication that was blocked by the GlobalProtect enforcer.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was not disconnected from the tunnel when a user removed a smart card even when Retain Connection on Smart Card Removal was set to No in the GlobalProtect portal configuration.

GlobalProtect App 5.2.8 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.8 for iOS.
Issue ID
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish the connection on an IPv6 LTE network.
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, users were prompted multiple times to enter their user credentials.
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed a connection failed error message and the device was reconnecting by itself to GlobalProtect.

GlobalProtect App 5.2.7 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.7 for Windows, macOS, and Android.
Issue ID
Fixed an issue where, when the GlobalProtect app was deployed on managed Android devices through a mobile device management (MDM) system such as Microsoft Intune, the app was unable to automatically fetch a certificate after upgrading from GlobalProtect app 5.2.5 to GlobalProtect app 5.2.6.
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
Fixed an issue where after a Fresh Install of GlobalProtect app 5.2.6 and using the embedded browser for Security Assertion Markup Language (SAML) authentication, authentication failed due to a script error when end users attempted to access the identity provider (IdP) web page. With this fix, after you installed GlobalProtect app 5.2.7, end users can access the idP web page using the embedded browser for SAML authentication without any script errors and connect to GlobalProtect.
Fixed an issue where after upgrading to GlobalProtect 5.2.6, the GlobalProtect client on the end user’s endpoint did not connect to the Best Available gateway.
Fixed an issue in GlobalProtect app for Android devices where the documented syntax of app_list key for Per-App VPN was not in sync with the App.
Fixed a performance issue where the GlobalProtect HIP process (PanGpHip) caused high CPU usage on devices.
Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices, the GlobalProtect HIP check did not detect the correct definition version, definition date, and year for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect information for Signature Version and Last Updated for the Carbon Black Cloud application, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Version and Malware Definition Date for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur, the GlobalProtect HIP check did not detect the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check did not detect did not detect real-time protection for Traps version, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect app was configured to exclude application traffic such as Cisco Webex for split tunnel, excluded traffic was still forwarded through the tunnel. This issue occurred when the Pre-logon Tunnel Rename Timeout value was set to -1 in the GlobalProtect portal configuration.
Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices and if the Exceptions to Enforce GlobalProtect list was configured with a subnet, existing connections to those hosts were not allowed even when the Enforcer status was enabled.
Fixed an issue where, when the GlobalProtect tunnel was established on macOS devices, the default route was installed before the excluded routes and then excluded traffic leaked into the tunnel periodically.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the correct ESET Endpoint Antivirus definition version.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and when the tunnel disconnected and reestablished immediately, the split tunnel configuration based on the application was not adhered.
Fixed an issue where the GlobalProtect app received a notification when the connection falls back from IPSec to SSL even after setting Display IPSec to SSL Fallback Notification to No to disable the app from displaying the notification.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, end users were unable to access the internal domains when split tunnel based on the destination domain was configured with port 53.
Fixed an issue where the GlobalProtect HIP check did not detect the CrowdStrike Falcon application, which caused the device to fail the HIP check.
Fixed an issue where, after upgrading to GlobalProtect 5.2.6, the GlobalProtect HIP report was not complete, which caused the GlobalProtect client host device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina, the Configurable Maximum Transmission Unit for GlobalProtect Connections feature did not support fallback to kernel extension mode.
Fixed an issue where the GlobalProtect client version was transparently upgraded even when Allow User to Upgrade GlobalProtect was changed to Disallow from Allow Transparently.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the Choose An Identity pop-up prompted end users to Select a valid client certificate to connect to GlobalProtect even when the certificate-store-lookup value was set to machine on the GlobalProtect portal.
Fixed an issue where, when the GlobalProtect app was installed macOS devices, did not detect the correct state for the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
Fixed an issue where the PanGPA.log file displayed the user credentials in (clear-text) data when the SAML identity provider such as Enforce Enboard was used for portal and gateway authentication.
Fixed an issue where the GlobalProtect service restarted multiple times when DLSA was configured in a dual stack environment.
Fixed an issue where the Server Name Indication (SNI) was not set in the requests used for the HIP reports and client logout messages.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app displayed that the end user was connected to the corporate network even when their device was not connected to Internal Network.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the HIP check process was delayed and the tunnel was disconnected after 3 hours.
Fixed an issue where the GlobalProtect HIP check was unable to detect the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software application.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the gateway did not generate the HIP report within a reasonable time period after upgrading to GlobalProtect app 5.2.5-c84.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app failed to connect to the GlobalProtect gateway using a cached configuration if the GlobalProtect portal was unreachable using client certificate authentication.
Fixed an issue where the GlobalProtect app displayed the following HIP notification even when Forcepoint Data Loss Prevention (DLP) was installed: Forcepoint DLP agent is not installed into your system.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and the default browser was used for SAML authentication, the app opened the default browser for SAML authentication twice.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and configured in a full tunnel deployment, the GlobalProtect virtual adapter was activated with the default gateway set to Starting with GlobalProtect app 5.2.7, you can set a valid default gateway on the adapter using one of the following methods:
  • Open the Windows Registry (enter regedit on the command prompt) and go to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings
    Right-click the Settings folder, then select NewString Value and enter fake-default-gateway string value. In the Value data field, enter yes.
  • Use the Windows Installer (Msiexec) to add the FIXDEFAULTGATEWAY=”yes” Msiexec parameter during the installation.
Fixed an issue where the GlobalProtect client was unable to establish a connection when the proxy domain name had the “HTTP” keyword.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and by changing the registry settings, the end user was able to connect to a different portal even when Allow User to Change Portal Address was set to No in the GlobalProtect portal configuration.
Fixed an issue where the GlobalProtect HIP check excluded the Anti-Malware information for FireEye but some data was still collected from the FireEye agent and actions were performed on the data in PanGPHip.exe.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices while third-party software was running, the filter driver failed to load.
Fixed an issue where the routing flags for the Address Resolution Protocol (ARP) route were not reverted once GlobalProtect was disconnected. This issue caused the third-party VPN connections to fail.
Fixed an issue where, when the GlobalProtect app was deployed for pre-logon and if a pre-logon tunnel was not established, the subsequent gateway login using RADIUS two-factor authentication (2FA) failed.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app did not use the system proxy server to connect to the SAML identity provider.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Catalina, end users experienced issues when connecting to Zoom on the internal network.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the HIP Report was significantly delayed while checking information for the Windows Defender.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the Carbon Black Response application.
Fixed an issue where after a GlobalProtect connection was established, the network interface was detected as public instead of domain due to timer issue with Network Location Awareness (NLA).
Fixed an issue where the GlobalProtect HIP check did not detect Patch Management information for the Microsoft Intune management extension software.

GlobalProtect App 5.2.7 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.7 for iOS.
Issue ID
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish a connection when the root CA certificate was configured in the portal configuration and also installed on the device.

GlobalProtect App 5.2.6 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.6 for Windows, macOS, Android, and Linux. Most of these addressed issues were in GlobalProtect app 5.2.5-c84 for Windows and macOS, which was a hotfix release.
Issue ID
Fixed an issue where, when the GlobalProtect app was installed on Android devices, users had to always manually select a certificate even when the certificate was pre-selected from AirWatch.
When the GlobalProtect app installed on Windows and macOS devices are connected to gateways on PAN-OS 8.0 or earlier releases, the HIP report generated by GlobalProtect will no longer be sent to the gateway. When using GlobalProtect app 5.2.6 with gateways enabled on PAN-OS 8.0 or earlier releases, you should disable Collect HIP Data.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and when Save User Credentials was set to No, the username field was already populated with the username for the machine certificate when gateway authentication did not use certificate-based authentication.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur, unusual DNS server entries were found after the system woke up.
Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices, users experienced multiple transparent software upgrade issues on the device.
Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices, the PanGPS.log file flushed out quickly.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur and split tunnel was configured to exclude application traffic such as Zoom, some excluded traffic were still forwarded through the tunnel.
Fixed an issue where the GlobalProtect app did not perform network discovery and reconnect to the internal network when the primary IP address was changed.
Fixed an issue where, when the GlobalProtect app was installed on the end user’s device and System Center Configuration Manager (SCCM) was used to set the PORTAL and CANCHANGEPORTAL values to no from the Windows Installer (Msiexec), the end user was unable to connect to the app when logging in for the first time.
Fixed an issue where the GlobalProtect pre-logon tunnel was unnecessarily disconnected when switching from pre-logon mode to user-logon mode.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
Fixed an issue where, the GlobalProtect HIP check did not detect the correct Disk Encryption for the Bitlocker Drive Encryption, which caused the device to fail the HIP check.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check took longer than expected to collect the HIP information for the Sentinel Agent anti-malware software leading up to an inaccurate HIP report.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Elastic Security Endgame Sensor 3.x Anti-Malware application, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect app displayed a script error instead of the GlobalProtect embedded browser Security Assertion Markup Language (SAML) login page when users tried to connect to the app through SAML authentication when Okta was used as the identity provider (ldP). This issue occurred after upgrading from GlobalProtect app 5.2.3 to GlobalProtect app 5.2.5.
Fixed an issue where the GlobalProtect app was unable to establish a connection and the GlobalProtect service continuously restarted with an inactive message that was displayed on the GlobalProtect agent after a system reboot.
Fixed an issue where, when the GlobalProtect app was installed on Android endpoints and users connect in user-logon mode, the VPN connection failed when users switched from an external network to an internal network.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and after the device was rebooted, the app attempted to connect but failed. As a result, users had to disconnect and then reconnect to the app.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Microsoft Defender ATP software, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the correct date and year for the Microsoft Defender ATP software, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was unable to translate the CA certificate that contained unicode characters for certificate authentication, and as a result, client certificate authentication failed.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.16 application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the GlobalProtect HIP check did not detect the correct date and year for the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the GlobalProtect HIP process (PanGpHip) crashed multiple times and the gateway was disconnected.
Fixed an issue where the GlobalProtect authentication failed when the new password contained the (+) character.
Fixed an issue where the GlobalProtect app displayed a script error instead of the GlobalProtect embedded browser Security Assertion Markup Language (SAML) login page when users tried to connect to the app through SAML authentication when Okta was used as the identity provider (ldP).
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and Save User Credentials was enabled, users were prompted for credentials for every alternate gateway authentication when SAML was used as the portal authentication.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the Morphisec Protector software, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on iOS devices and the portal was down or unreachable, the app displayed an error message when the app used the cached portal client configuration.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and after upgrading from GlobalProtect app 5.2.4 to GlobalProtect 5.2.5, the app attempted to reconnect when the connect method was set to On-Demand mode.
Fixed an issue where, when the GlobalProtect app was installed on Windows, the app did not identify the firewall settings for Kaspersky Endpoint Security.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
Fixed an issue where users established a GlobalProtect connection to Prisma Access but failed to connect to a manually selected Prisma Access gateway.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and Resolve All FQDNs Using DNS Servers Assigned by the Tunnel was set to Yes, DNS resolution failed in a dual stack environment.
Fixed an issue where users established a GlobalProtect connection to Prisma Access but failed to connect to a manually selected Prisma Access gateway when upgrading to GlobalProtect app 5.2.5.
Fixed an issue where information about the manual gateway was included in the portal message in the PanGPA.log file.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Real-Time Protection status for the ESET Endpoint Antivirus, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured based on the destination domain, IPv6 traffic was forwarded through the tunnel.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the pre-logon tunnel was not renamed after users logged in to the device through SAML authentication.
Fixed an issue where the GlobalProtect app displayed the following notification when Connect with SSL Only was enabled by you or the end user:
The network connection is unreliable and GlobalProtect reconnected using an alternate method. You may experience slowness when accessing the internet or business applications.
With this fix, this notification will display only when GlobalProtect falls back to using SSL after attempting IPSec. If you specified the amount of time (in hours) during which you want the GlobalProtect app to Automatically Use SSL When IPSec Is Unreliable for example 5 hours, the app will not display this notification during the specified time period because it will not attempt to establish an IPSec tunnel and instead establish an SSL tunnel.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the pre-logon tunnel was not renamed after users logged in to the device through SAML authentication.
Fixed an issue where the GlobalProtect app did not display the proper authentication message for the login screen when the RSA token was not synchronized. This issue occurred when GlobalProtect was used with seamless RSA authentication.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the DNS short name resolution was not queried with all the DNS suffixes present on the client machine.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app delayed establishing a connection to the gateway for 90 seconds because of the delay in setting up the IP address on the virtual adapter.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7, the GlobalProtect HIP check did not detect the Carbon Black Cloud application, which caused the device to fail the HIP check.
Fixed an issue where GlobalProtect parsed the external gateways from the portal configuration and each gateway was resolved individually and thereby increased the time to finish DNS resolution for all the external gateways. With this fix, GlobalProtect will now resolve only the first external gateway at the beginning of network discovery, and then resolve all the external gateways (auto discovery) at the same time. This can help to reduce the time for DNS resolution.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the character size of the pre-login page was difficult to read on high-resolution. With this fix, users now have the option to Zoom In, Zoom Out, and Restore Default Zoom when they connect to the app through SAML authentication using Okta as the ldP.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect agent restarted when the system extensions were loaded.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running 10.14.6, the GlobalProtect HIP check did not detect the Anti-Malware information for the Carbon Black Endpoint Detection and Response application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect correct the Last Full Scan Time information for the Symantec Endpoint Protection, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur and when the pre-logon tunnel was established to the internal gateway, the Enforcer status was enabled.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the app failed to connect to the portal or gateway after upgrading from GlobalProtect app 5.0.9 to GlobalProtect 5.2.4.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Disk Encryption information for the enumerated disks, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.16 application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app did not display the GlobalProtect system tray icon after the explorer.exe application was restarted from the Task Manager.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect tunnel was disconnected after the device woke up from Modern Standby mode.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Real-Time Protection status for the ESET Endpoint Antivirus, which caused the device to fail the HIP check.
Fixed an issue where, the GlobalProtect HIP check did not detect the correct Last Full Scan Time information for SenitnelOne Antivirus 4.4.2, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was configured for split tunnel based on the destination domain, the fully qualified domain names were case-sensitive when the number of inclusions and exclusions added to the list was more than eight entries.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the user interface of the GlobalProtect agent was unresponsive when users were prompted to enter their one-time password (OTP).
Fixed an issue where users were not prompted for their login credentials after using Remote Desktop Protocol (RDP) to connect to the GlobalProtect app and they were disconnected after the grace period expired.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the web interface did not display the normal window size when seamless soft-token authentication was used on a high display resolution (3840 X 2160) system. This issue occurred when the auth-api value was set to yes in the Windows registry.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and after the GlobalProtect agent was installed as the SYSTEM user through SCCM or Microsoft Intune, the repair message pops-up for modern devices and failure or reconnection message pop-ups for normal devices.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude application traffic such as Microsoft Teams and Zoom, some excluded traffic was still forwarded through the tunnel.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect enforcer blocked SAML authentication after the endpoint woke up from sleep mode.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the correct Anti-Malware information for the Last Full Scan Time for Sophos Endpoint Protection, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude destination domain traffic that included a wildcard character (*) for domain names, excluded traffic is still forwarded through the tunnel.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the No direct access to local network option was enabled on the gateway, the default route was deleted for the interface to the local gateway when the IPv6 address was changed that caused GlobalProtect to disconnect.
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed the The connection has failed error message when changing from WiFi to a LTE network.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, traffic was blocked for 25-45 seconds for some users while generating the HIP report.
Fixed an issue where, when the GlobalProtect app was installed on Windows, macOS, and Linux devices, the HIP process collected information about all supported endpoint security software even when HIP Data Collection was configured on the portal to exclude categories, vendors, and products.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur, client certificate authentication failed when using a common access card (CAC).
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Cybereason.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the output [1]+ Done $PANGPA start was displayed when users executed commands such as ls /etc/hostname or echo hi in the command prompt.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app automatically switched to the graphics processor on the user’s device during SAML authentication.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the transparent software upgrade failed for the GlobalProtect app.

GlobalProtect App 5.2.6 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.6 for iOS.
Issue ID
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed The connection has failed error message when changing from WiFi to a LTE network.

GlobalProtect App 5.2.5 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.5 for Android, Chrome, Windows, macOS, and Linux.
Issue ID
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the app was unable to establish a connection when the Netskope Client was installed on the system.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was disconnected from the tunnel and performed a network discovery after waking up from Modern Standby mode.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app failed to establish a connection when the SIP softphone client was installed on the system.
Fixed an issue where, when the gateway was manually selected for the first time instead of the Best Available gateway, any subsequent connections to the Best Available gateway allowed end users to connect to the manually selected gateway rather than the Best Available gateway.
Fixed an issue where the About GlobalProtect dialog did not display the copyright symbol when the system language was German.
Fixed an issue where the Custom Password Expiration Message (LDAP Authentication Only) notification displayed grammatical errors when the system language was German.
Fixed an issue where the GlobalProtect app detected two or more internal gateways and all the gateways required users to authenticate through SAML authentication, the app stopped all operations following SAML authentication with the first gateway.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS 10.15 or 11.0, the GlobalProtect HIP check did not detect the CrowdStrike Falcon application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.11 application, which caused the device to fail the HIP check.
Fixed an issue where the ADUC application and computer console experienced slowness after upgrading from GlobalProtect app 5.1.3 to 5.2.3.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.12 application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and split tunnel was configured based on the application, some traffic did not follow the split tunnel configuration on applications such as Microsoft Teams.
Fixed an issue where the GlobalProtect client on the end user’s endpoint did not connect to the Best Available gateway after the endpoint woke up from sleep mode. This issue occurred when SAML authentication was used and in the auto-scaled gateway scenario. With this fix, the GlobalProtect client can also connect to the Best Available gateway in the auto-scaled gateway scenario.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the clear text password was visible through a memory dump when using the system browser for SAML authentication.
Fixed an issue where, when split tunnel was configured based on the destination domain and Both Network Traffic and DNS was selected, users experienced a delay when accessing the exclusions applied to the DNS traffic and the associated network application traffic for that domain.
Fixed an issue where the default route for the tunnel was removed shortly after establishing the tunnel.
Fixed an issue where the GlobalProtect HIP check did not correctly detect the Last Full Scan Time information for the Windows Defender on Windows endpoints, which caused the endpoints to fail the HIP check.
Fixed an issue where, after the GlobalProtect app was upgraded to release 5.1.6, the GlobalProtect virtual adapter was unable to be setup properly when using laptop docking stations.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and used a smart card for client certificate authentication, the number of prompts used between the portals were different.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the whether the Firewall software was enabled, which caused the endpoints to fail the HIP check.
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Sophos Endpoint Protection.
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Cisco Advanced Malware Protection (AMP).
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Sophos Endpoint Protection version 10.0.0.
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the app was unable to automatically launch due to the Cannot connect to local GPD service error message.
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software application.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect virtual interface adapter continued to stay enabled when connected to an internal network. Subsequently, the app failed to establish a tunnel connection with an external gateway on the external network due to the Failed to get default route entry error message, which caused the virtual adapter activation to fail.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the Custom Password Expiration Message (LDAP Authentication Only) notification is blank after you changed the message setting.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the command string for pre-vpn-connect or post-vpn-connect contained arguments with one or more whitespace characters, which caused the built-in GlobalProtect app upgrade to fail.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7, the GlobalProtect HIP check did not detect the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software application version 4.9.2, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Patch-Management software for the JAMF Pro software application, which caused the device to fail the HIP check.
Fixed an issue where the HIP report did not contain the correct Last Full Scan Time information for the AVG Internet Security software.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Patch-Management software for the JAMF Pro software application, which caused the device to fail the HIP check.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Avast Antivirus software version 20.x. After upgrading from Antivirus software version 18.x, the GlobalProtect HIP check did detect the Avast Antivirus software version 20.x.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software.
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect agent stopped running after the device initially connected to the portal or gateway.
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Cybereason.

GlobalProtect App 5.2.5 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.5 for iOS.
Issue ID
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish the connection on a 4G LTE network when the gateway was resolved to IPv6 only.
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, VPN tunnel restoration was not supported when the portal was configured in Always On mode.
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed No available network even when the network was available.

GlobalProtect App 5.2.4 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.4 for Windows, macOS, Android, and Linux.
Issue ID
Fixed an issue where, when the GlobalProtect app was installed on Chromebooks, the selection criteria for the portal agent configuration failed when the OS configured in the Config Selection Criteria was specified as Chrome.
Fixed an issue where SAML authentication was blocked because the GlobalProtect enforcer did not parse all the fully qualified domain names configured in the FQDN exclusions list.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices with the Resolve All FQDNs Using DNS Servers Assigned by the Tunnel (Windows Only) set to Yes and after the portal configuration refresh interval timer was reached, the DNS queries were sent to both interfaces.
Fixed an issue where the GlobalProtect Update pop-up dialog displayed grammatical errors.
Fixed a rare issue where the PanGPS log file was not rotated and it caused the PanGPS.log file to consume a large amount of disk space.
Fixed an issue where the GlobalProtect app could not properly exclude multicast routes specified in the exclude list.
Fixed an intermittent issue where, when split tunnel was configured based on the destination domain and application, users were not allowed access to specific fully qualified domain names after changing the network.
Fixed an issue where, when the GlobalProtect app was installed on Windows and macOS devices with the Split-Tunnel Option enabled for both network traffic and DNS, the DNS queries were sent to both interfaces.
Fixed an issue where, when the GlobalProtect app was installed on macOS Big Sur devices and split tunnel was configured based on the application, the app was unable to connect to applications such as Zoom.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 or later, the app did not accept character input when using the on-screen Accessibility Keyboard required for remote learning.
Fixed an issue where the GlobalProtect app was configured with Pre-logon then On-demand mode and if the network was changed or the network connection was lost during pre-logon tunnel mode, the pre-logon tunnel was not able to reconnect to the app after the machine was connected to the network.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was disconnected from the tunnel after the Pre-logon Tunnel Rename Timeout expired even when users successfully authenticated to the gateway through either SAML authentication or RADIUS for two-factor authentication.
Fixed an issue where the GlobalProtect app will not perform network discovery due to a network change event when the app was connected to the internal gateway without a tunnel connection.
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, DNS resolution failed when the app was connected on Ubuntu 20.04.
Fixed an issue where the GlobalProtect client continued to stay in connecting state even when SAML authentication was configured to establish a connection to the portal or gateway.
Fixed an issue where, after you installed the GlobalProtect app on macOS devices using the client upgrade prompt, a kernel panic occurred on the macOS device.
Fixed an issue where the GlobalProtect app continued to stay in connecting state after failing to meet the Config Selection Criteria configured on the portal following a successful SAML authentication.
Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices and network connectivity was enabled in Modern Standby, the tunnel failed to be restored after waking up from sleep mode.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and Duo Security multi-factor authentication (MFA) was used to authenticate users through SAML authentication on the identity provider (ldP), the app did open an embedded browser using Connect Before Logon but the content incorrectly displayed.
Fixed an issue where, when the GlobalProtect app was installed on Android devices, the app failed to reconnect and continued to stay in connecting state. Users had to close and launch the app to establish the connection.

GlobalProtect App 5.2.4 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.4 for iOS.
Issue ID
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app continued to stay in connecting state after changing the network type and failed to automatically reconnect.

GlobalProtect App 5.2.3 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.3 for Windows, macOS, Linux, and Android.
Issue ID
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect tunnel could not send traffic after the system woke up from sleep mode.
Fixed an issue where the GlobalProtect tunnel was disconnected when the server sent packets greater than 1524.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect virtual interface was locally unreachable.
Fixed an issue on the GlobalProtect agent when the response from the gateway pre-login included the error status and an empty message, but the GlobalProtect client was not expected to receive the response from the pre-login with the error status and an empty message. With this fix, the GlobalProtect client is configured to handle the error status and the empty message response from the gateway pre-login when the minimum version is set to TLSv1.2 in the SSL/TLS service profile.
Fixed an issue where, when the GlobalProtect app was installed on Android devices, the gateway was randomly disconnected and users cannot reconnect until they force stop or force start the app.
Fixed an issue where, after you upgraded the GlobalProtect app to release 5.2.1 or release 5.2.2 on macOS devices using the client upgrade prompt, a kernel panic occurred on the macOS device.
Fixed an issue where the HIP report did not contain the correct Last Full Scan Time information for the AVG Internet Security software.
Fixed an issue where, when the GlobalProtect app was installed on Android devices and when the Allow Authentication with User Credentials OR Client Certificate option was set to Yes on the portal, users were not able to authenticate to the portal with a valid client certificate. With this fix, users are now able to authenticate to the portal with a valid client certificate when the Allow Authentication with User Credentials OR Client Certificate option is set to Yes on the portal.
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GUI version of GlobalProtect sometimes was unresponsive (for example, when the GNOME Shell was replaced).
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect Anti-Malware information for Sophos Endpoint Protection version 10.0.0.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the speed limit of the GlobalProtect adapter was set to a maximum of 100Mbps, With this fix, the speed limit of the GlobalProtect adapter is now set to a maximum of 2Gbps.
Fixed an issue where, when the GlobalProtect Android app was installed on Chromebooks, the app identified the operating system as Android instead of Chrome.
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish the tunnel when the connection was on the mobile network.
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GUI version of GlobalProtect hangs when multiple terminals were launched (in a multi-user target) or when one terminal had to be launched for the GUI version to launch.
Fixed an issue on Windows endpoints where, if the GlobalProtect app is configured with the Pre-logon (Always On) Connect Method with the Pre-logon Tunnel Rename Timeout value set to -1 (or any other value) and users disable the app and reboot their endpoint, the pre-logon tunnel is up after they login. After the system reboots, the app is disabled but the virtual interface is enabled. With this fix, the app and the virtual interface are disabled after a system reboot.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina, the GlobalProtect service restarted after a system reboot or when users logged out and logged in to the endpoint.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and the No direct access to local network option was enabled, users with administrator privileges were able to modify the routing table to bypass the VPN tunnel.
Fixed an issue where Connect Before Logon using Security Assertion Markup Language (SAML) authentication was used to log in to the Windows 10 endpoint, users were able to launch the command prompt from the authentication web browser.
Fixed an issue where, when the GlobalProtect app was installed on Windows endpoints and split tunnel was configured based on the application, handle leaks were observed by the GlobalProtect service.
Fixed an issue where the GlobalProtect app failed to connect to the portal or gateway in the Prisma Access network through the proxy.
Fixed an issue where, when the GlobalProtect app was deployed on managed Android devices through a mobile device management (MDM) system such as Microsoft Intune, the app hangs in Connecting state and the tunnel failed to be restored when users moved to a poor cell reception.
Fixed an issue where the GlobalProtect HIP check did not detect Patch Management information for the Microsoft Intune management extension software.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the No direct access to local network option was enabled on the gateway, the access route to the default gateway was not properly masked.
Fixed an issue on Windows 10 endpoints where the Active Directory Users and Computers (ADUC) application experienced high latency when users established a GlobalProtect connection.
Fixed an issue where, after you upgraded and installed the GlobalProtect app, the app was unable to connect to the gateway due to the Failed to get default route entry error message.
Fixed an issue where the GlobalProtect app was unable to establish a connection to the gateway because the fully qualified domain name (FQDN) specified for the gateway mapped to a different IP address during network discovery and pre-login. With this fix, the app performed a network discovery again and connected to the Best Available gateway.
Fixed an issue where, when the GlobalProtect app was installed on Windows endpoints, the app was disconnected from the VPN tunnel after the pre-logon tunnel grace period expired even when users logged in to the endpoint and the pre-logon tunnel was successfully renamed. This issue occurred when two-factor authentication (2FA) was used.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app performed a second network discovery after gateway authentication was successful. This issue resulted in two authentication prompts (for example, the SAML authentication type) right after waking up from sleep mode.
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.4, the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect app selected the geographically distant gateway instead of the gateway with the faster response time. With this fix, the Best Available gateway is now determined by the assigned weight of the gateway.
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Engine Version, Definition Version, and Date for the CrowdStrike Falcon application.
Fixed an issue where portal authentication failed due to the authentication failure during the GlobalProtect App Config Refresh configuration, which caused users to be locked out of the RSA device.
Fixed an issue where the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
Fixed an issue where the GlobalProtect app was configured with On-Demand mode and continued to stay in connecting state even when manually switching to a different gateway failed. With this fix, the app will now display an error message when switching to a different gateway failed.
Fixed an issue where, when the GlobalProtect app was connected on Linux endpoints, the DNS content was removed from the resolv.conf file found in the /etc folder because the network was interrupted.
Fixed an issue in GlobalProtect for macOS endpoints where installing or upgrading the package using a MDM system such as JAMF Pro resulted in a GlobalProtect app initialization failure.
Fixed an issue where the original DNS suffixes were removed from the client machine and only the DNS suffixes from the gateway were applied.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect service modified the DNS suffix system list even when the gateway pushed an empty DNS suffix list.
Fixed an issue where, when the GlobalProtect app was installed on Android devices, the app failed to reconnect and continued to stay in connecting state. Users had to close and launch the app to establish the connection.

GlobalProtect App 5.2.2 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.2 for Windows, macOS, and iOS.
Issue ID
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the GlobalProtect service was started multiple times when users initiated the VPN connection from the iOS VPN settings.
Fixed an issue where the GlobalProtect app took more than 2 minutes to establish a connection when users installed the app for the fist time on macOS endpoints running macOS Catalina 10.15.4 or later. This issue occurred when the administrator did not select the GlobalProtect System Extensions check box during the installation.

GlobalProtect App 5.2.1 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.1 for Windows, macOS, Linux, Android, and iOS.
Issue ID
Fixed an issue where in high bandwidth environments, the download speed through the GlobalProtect connection was slower than the upload speed.
Fixed an issue where, when the GlobalProtect app was deployed for Android on managed Chromebooks using the Google Admin console, the app disconnected and reconnected because the same managed configuration file was pushed from the Google Admin Console multiple times.
Fixed an issue for Android on Chromebooks where, if the GlobalProtect app was configured with the Always On connect method, the app did not automatically connect to the portal after users rebooted the system.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect client failed to rename the pre-logon tunnel to the user tunnel when SAML was used to authenticate users.
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and a connection was established, high CPU usage (around 30 percent) was detected for the system process.
Fixed an issue, when the GlobalProtect app was installed on iOS devices with Always On mode as part of the VPN profile, the app frequently reported authentication errors. This issue occurred when the portal cache configuration was not saved successfully.
Fixed an issue, when the GlobalProtect app was installed on macOS endpoints running macOS Catalina 10.15 or later and HIP checks were enabled, the macOS endpoint displayed additional pop-ups to the user when GlobalProtect requested to access your Desktop, Documents, and Downloads folders.