GlobalProtect
Addressed Issues
Table of Contents
Expand All
|
Collapse All
GlobalProtect Docs
-
10.1 & Later
- 10.1 & Later
- 9.1 (EoL)
-
- How Does the App Know Which Certificate to Supply?
- Set Up Cloud Identity Engine Authentication
- Configure GlobalProtect to Facilitate Multi-Factor Authentication Notifications
- Enable Delivery of VSAs to a RADIUS Server
- Enable Group Mapping
-
-
- GlobalProtect App Minimum Hardware Requirements
- Download the GlobalProtect App Software Package for Hosting on the Portal
- Host App Updates on the Portal
- Host App Updates on a Web Server
- Test the App Installation
- Download and Install the GlobalProtect Mobile App
- View and Collect GlobalProtect App Logs
-
-
- Deploy App Settings in the Windows Registry
- Deploy App Settings from Msiexec
- Deploy Scripts Using the Windows Registry
- Deploy Scripts Using Msiexec
- Deploy Connect Before Logon Settings in the Windows Registry
- Deploy GlobalProtect Credential Provider Settings in the Windows Registry
- SSO Wrapping for Third-Party Credential Providers on Windows Endpoints
- Enable SSO Wrapping for Third-Party Credentials with the Windows Registry
- Enable SSO Wrapping for Third-Party Credentials with the Windows Installer
- Deploy App Settings to Linux Endpoints
- GlobalProtect Processes to be Whitelisted on EDR Deployments
-
-
- Mobile Device Management Overview
- Set Up the MDM Integration With GlobalProtect
- Qualified MDM Vendors
-
-
- Set Up the Microsoft Intune Environment for Android Endpoints
- Deploy the GlobalProtect App on Android Endpoints Using Microsoft Intune
- Create an App Configuration on Android Endpoints Using Microsoft Intune
- Configure Lockdown Mode for Always On Connect Method on Android Endpoints Using Microsoft Intune
-
- Deploy the GlobalProtect Mobile App Using Microsoft Intune
- Configure an Always On VPN Configuration for iOS Endpoints Using Microsoft Intune
- Configure a User-Initiated Remote Access VPN Configuration for iOS Endpoints Using Microsoft Intune
- Configure a Per-App VPN Configuration for iOS Endpoints Using Microsoft Intune
-
-
-
- Create a Smart Computer Group for GlobalProtect App Deployment
- Create a Single Configuration Profile for the GlobalProtect App for macOS
- Deploy the GlobalProtect Mobile App for macOS Using Jamf Pro
-
- Enable GlobalProtect System Extensions on macOS Endpoints Using Jamf Pro
- Enable GlobalProtect Network Extensions on macOS Big Sur Endpoints Using Jamf Pro
- Add a Configuration Profile for the GlobalProtect Enforcer by Using Jamf Pro 10.26.0
- Verify Configuration Profiles Deployed by Jamf Pro
- Remove System Extensions on macOS Monterey Endpoints Using Jamf Pro
- Non-Removable System Extensions on macOS Sequoia Endpoints Using Jamf Pro
- Uninstall the GlobalProtect Mobile App Using Jamf Pro
-
- Configure HIP-Based Policy Enforcement
- Configure HIP Exceptions for Patch Management
- Collect Application and Process Data From Endpoints
- Redistribute HIP Reports
-
- Identification and Quarantine of Compromised Devices Overview and License Requirements
- View Quarantined Device Information
- Manually Add and Delete Devices From the Quarantine List
- Automatically Quarantine a Device
- Use GlobalProtect and Security Policies to Block Access to Quarantined Devices
- Redistribute Device Quarantine Information from Panorama
- Troubleshoot HIP Issues
-
-
- Enable and Verify FIPS-CC Mode on Windows Endpoints
- Enable and Verify FIPS-CC Mode on macOS Endpoints
- Enable and Verify FIPS-CC Mode Using Workspace ONE on iOS Endpoints
- Enable FIPS Mode on Linux EndPoints with Ubuntu or RHEL
- Enable and Verify FIPS-CC Mode Using Microsoft Intune on Android Endpoints
- FIPS-CC Security Functions
- Resolve FIPS-CC Mode Issues
-
-
- Remote Access VPN (Authentication Profile)
- Remote Access VPN (Certificate Profile)
- Remote Access VPN with Two-Factor Authentication
- GlobalProtect Always On VPN Configuration
- Remote Access VPN with Pre-Logon
- User-Initiated Pre-Logon Connection
- GlobalProtect Multiple Gateway Configuration
- GlobalProtect for Internal HIP Checking and User-Based Access
- Mixed Internal and External Gateway Configuration
- Captive Portal and Enforce GlobalProtect for Network Access
- GlobalProtect on Windows 365 Cloud PC
-
- About GlobalProtect Cipher Selection
- Cipher Exchange Between the GlobalProtect App and Gateway
-
- Reference: GlobalProtect App Cryptographic Functions
-
- Reference: TLS Ciphers Supported by GlobalProtect Apps on macOS Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Windows Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Android 6.0.1 Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on iOS 10.2.1 Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Chromebooks
- Ciphers Used to Set Up IPsec Tunnels
- SSL APIs
-
- View a Graphical Display of GlobalProtect User Activity in PAN-OS
- View All GlobalProtect Logs on a Dedicated Page in PAN-OS
- Event Descriptions for the GlobalProtect Logs in PAN-OS
- Filter GlobalProtect Logs for Gateway Latency in PAN-OS
- Restrict Access to GlobalProtect Logs in PAN-OS
- Forward GlobalProtect Logs to an External Service in PAN-OS
- Configure Custom Reports for GlobalProtect in PAN-OS
-
6.3
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
-
- Download and Install the GlobalProtect App for Windows
- Use Connect Before Logon
- Use Single Sign-On for Smart Card Authentication
- Use the GlobalProtect App for Windows
- Report an Issue From the GlobalProtect App for Windows
- Disconnect the GlobalProtect App for Windows
- Uninstall the GlobalProtect App for Windows
- Fix a Microsoft Installer Conflict
-
- Download and Install the GlobalProtect App for macOS
- Use the GlobalProtect App for macOS
- Report an Issue From the GlobalProtect App for macOS
- Disconnect the GlobalProtect App for macOS
- Uninstall the GlobalProtect App for macOS
- Remove the GlobalProtect Enforcer Kernel Extension
- Enable the GlobalProtect App for macOS to Use Client Certificates for Authentication
-
6.1
- 6.1
- 6.0
- 5.1
-
6.3
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
Addressed Issues
Review the list of addressed issues in GlobalProtect app 6.3 for Windows and
macOS.
The following topics describe the issues addressed in GlobalProtect 6.3 versions:.
- GlobalProtect App 6.3.2 Addressed Issues
- GlobalProtect App 6.3.1-c383 Addressed Issues
- GlobalProtect App 6.3.1 Addressed Issues
- GlobalProtect App 6.3.0 Addressed Issues
GlobalProtect App 6.3.2 Addressed Issues
The following table lists the issues addressed in GlobalProtect app 6.3.2.
| Issue ID | Description |
|---|---|
|
GPC-22087
|
Fixed an issue where the GlobalProtect app was unable to validate
the certificate from OCSP.
|
|
GPC-22080
|
Fixed an issue where the OCSP requests were being rejected by the
OCSP responder with a HTTP 400 Bad
Request error due to the absence of the Host
header in the OCSP request.
|
|
GPC-21938
|
Fixed an issue where, when the GlobalProtect app version 6.3.x
was installed on devices running macOS, the HIP check failed to
detect ESET Endpoint Security version 8.
|
|
GPC-21918
|
Fixed an issue where, when the patch management category was
excluded for HIP checks, HIP checks were still happening for
missing patches which consumed CPU resources on users'
machine.
|
|
GPC-21838
|
Fixed an issue in which the GlobalProtect app, when installed on
Windows devices, caused a duplicate page to open in the system
default browser (Chrome) when the user clicked the hyperlink on
the Welcome page with fedmandate on the embedded browser.
|
|
GPC-21836
|
Fixed an issue in GlobalProtect 6.3.1 for macOS where the Refresh
Connection option was missing during the
Connecting state, specifically
for users who upgraded from version 6.3.0.
|
|
GPC-21778
|
Fixed an issue where the GlobalProtect IPSec tunnel got
disconnected on GlobalProtect app version 6.2.5 when
gpupdate /force command was
used to update policy.
|
|
GPC-21774
|
Fixed an issue where the GlobalProtect ARM64 installers for 6.2.5
version did not display the Digital Signatures
tab.
|
|
GPC-21771
|
Fixed an issue where the GlobalProtect HIP check incorrectly
detected Malware Definition Date for Trend Micro Deep Security
Agent, which caused the device to fail the HIP check.
|
|
GPC-21733
|
Fixed an issue where all the added portals got deleted from the
portal list except the connected portal when the GlobalProtect
app was upgraded from version 6.2.4 to 6.2.5-788. Users had to
manually add them again to resolve the issue.
|
|
GPC-21604
|
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS and were connected to the internal
gateway, the app did not display the
Disconnect option under
Settings.
|
|
GPC-21571
|
Fixed an issue where the hyperlink in HIP notification opened up
in Webview2 instead of the default browser.
|
|
GPC-21565
|
Fixed an issue where the SAML embedded browser did not remember
the username after sign-out, even when the user had selected the
check box Remember Me on the SAML
embedded browser.
|
|
GPC-21542
|
Fixed an issue where GlobalProtect got stuck in connecting and
failed the connection after some time.
|
|
GPC-21443
|
Fixed an issue where GlobalProtect crashed when the PanGPS
service was stopped.
|
|
GPC-21414
|
Fixed an issue where the SAML authentication page would
occasionally fail to appear due to the usage of a previous SAML
pre-login cookie.
|
|
GPC-21399
|
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS, the HIP check for the built-in firewall
shows N/A incorrectly.
The value should be either Yes or
No.
|
|
GPC-21370
|
Fixed an issue where the HIP check could not detect Trellix
Firewall Status, which caused the device to fail the HIP
check.
|
|
GPC-21332
|
Fixed an issue where the GlobalProtect HIP check incorrectly
detected Real Time Protection status for Avast and XProtect,
which caused the device to fail the HIP check.
|
|
GPC-21320
|
Fixed an issue where the GlobalProtect HIP check did not detect
Kaspersky Endpoint Security antimalware application which caused
the device to fail the HIP check.
|
|
GPC-21301
|
Fixed an issue where, when the user upgraded the GlobalProtect
app version to 6.2.4 with SAML authentication, users were unable
to connect to GlobalProtect intermittently when Enforcer is
enabled.
|
|
GPC-21247
|
Fixed an issue where GlobalProtect HIP set the Filevault
encryption status to unencrypted on macOS running devices, which
denied access to the end-point machines.
|
|
GPC-21222
|
Fixed an issue where the GlobalProtect HIP check incorrectly
detected the Real Time Protection Status and Last Full Scan for
Avast application, which caused the device to fail the HIP
check.
|
|
GPC-21206
|
Fixed an issue where the GlobalProtect service exited when the
user logs off or put the computer in sleep mode.
|
|
GPC-21174
|
Fixed an issue where the GlobalProtect HIP check did not detect
Real time protection status for Acronis Cyber Protection Agent,
which caused the device to fail the HIP check.
|
|
GPC-21130
|
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS, the GlobalProtect app failed to reconnect
and continued to stay in the
Connecting state after the
device woke up from Modern Standby
mode.
|
|
GPC-21106
|
Fixed an issue where the GlobalProtect HIP check did not detect
Real Time Protection status for Malwarebytes antimalware
application, which caused the device to fail the HIP check.
|
|
GPC-21043
|
Fixed an issue where the GlobalProtect app got stuck in
connecting stage after authentication when the app was upgraded
to 6.2.4 version.
|
|
GPC-20983
|
Fixed an issue where the GlobalProtect app was installed on
devices running macOS, the GlobalProtect got stuck in Connecting
state when the device woke up from sleep mode.
|
|
GPC-20967
|
Fixed an issue where, when the GlobalProtect app was installed
with the Conditional Connect method,
users had to click the Connect button
twice to connect to an external gateway after a system
reboot.
|
|
GPC-20943
|
Fixed an issue where the GlobalProtect enforcer blocked DHCP
packets.
|
|
GPC-20838
|
Fixed an issue where the HIP report was not completed within the
allowed time.
|
|
GPC-20807
|
Fixed an issue where the HIP report for Symantec Encryption
Desktop shows the encryption state as unencrypted.
|
|
GPC-20779
|
Fixed an issue where Windows regional settings were not respected
by Webview 2 on SAML embedded browser resulting in regional
language(French, German, Chinese, Spanish, and Japanese) not
loading properly in embedded browser.
|
|
GPC-20700
|
Fixed an issue where macOS users had to enter the SAML username
and password each time they refreshed or rebooted their
computer. This issue occurred more frequently when they used
Safari as the default browser or used the embedded browser.
|
|
GPC-20674
|
Fixed an issue where all GlobalProtect portals except for the
currently connected portal were deleted during the upgrade from
6.2.2 to 6.2.3 or from 6.2.3 to 6.3.0.
|
|
GPC-20492
|
Fixed an issue where the PanGPS process crashed due to exception
code 0xC0000374.
|
|
GPC-20466
|
Fixed an issue where the tunnel gets broken during modern standby
when using Enforce GlobalProtect for Network Access and the
enforcer gets re-enabled only after the user resumes working on
the computer.
|
|
GPC-20441
|
Fixed an issue where HIP reports are sometimes not available on
the firewall for newly connected users.
|
|
GPC-20322
|
Fixed an issue where users were unable to install GlobalProtect
6.2 on windows 11 ARM64 devices.
|
|
GPC-20191
|
Fixed an issue where the PanGPA executable version 6.1.2.83 did
not work as expected on Windows devices.
|
|
GPC-20168
|
Fixed an issue where it was possible to do a privilege escalation
and\or login bypass when using a 3rd party credential provider
with GlobalProtect.
|
|
GPC-18943
|
Fixed an issue where when Endpoint Traffic enforcement feature
was enabled, certain traffic was going through the physical
adapter and not getting blocked as per the rules set.
|
|
GPC-18695
|
Fixed an issue where, when the GlobalProtect app version 6.0.7
was installed on devices running macOS, the "Allow
with Passcode option did not work as expected
when the user tried to disable the GlobalProtect app with the
configured passcode.
|
|
GPC-18671
|
Fixed an issue where, when the GlobalProtect app was installed
on devices running macOS, the GlobalProtect macOS install
package created an unused /Library/Application folder.
|
|
GPC-18452
|
Fixed an issue where, when the GlobalProtect app was installed on
Windows devices, the app did not start right away after a system
reboot.
|
GlobalProtect App 6.3.1-c383 Addressed Issues
The following table lists the issues addressed in GlobalProtect app 6.3.1-c383.
|
Issue ID
|
Description
|
|---|---|
|
GPC-21486
|
Fixed an issue where users were unable to keep the proxy on when
the
tunnel was disconnected.
|
|
GPC-21414
| Fixed an issue where GlobalProtect gets stuck in a connecting loop upon authentication cookie expiration. |
|
GPC-21101
| Fixed an issue where the embedded browser pop-up with "Login Successful" was displayed for each SAML authentication. |
|
GPC-20983
| Fixed an a Windows computer resumes from sleep, the GlobalProtect app remains stuck in the connecting stage. |
|
GPC-20595
|
Fixed an issue where GlobalProtect users were unable to connect
after upgrading to 6.2.3-270 and received a "Your internet
access is blocked" error during SAML authentication using the
embedded browser.
|
|
GPC-20492
|
Fixed an issue where the PanGPS process crashed due to exception
code 0xC0000374.
|
GlobalProtect App 6.3.1 Addressed Issues
The following table lists the issues addressed in GlobalProtect app 6.3.1.
| Issue ID | Description |
|---|---|
| GPC-21022 | Fixed an issue where the GlobalProtect re-authentication prompt appeared in the background instead of the foreground after deploying Okta FastPass. |
| GPC-20895 | Fixed an issue where a macOS GlobalProtect app user was able to modify or add a new portal even though the portal agent configuration specified Allow User to Change Portal Address = NO and Allow user to Sign Out from GlobalProtect App = No. |
| GPC-20864 | Fixed an issue where the GlobalProtect embedded browser login window did not stay pinned to the front of all open windows on Windows and MAC computers. |
| GPC-20839 | Fixed an issue where a macOS user was unable to connect to the GlobalProtect app. |
| GPC-20722 | Fixed an issue in the GlobalProtect macOS client where the UI incorrectly displayed a "Not Connected" status and a "Connect" button while the user was in the process of connecting to a new gateway. |
| GPC-20645 | Fixed an issue where the GlobalProtect macOS app was stuck in connecting stage when the macOS computer woke from sleep and the user had to restart the computer. |
| GPC-20601 | Fixed an issue where users unable to connect to GlobalProtect after upgrading from version 6.2.2 to 6.2.3 via JAMF. |
| GPC-20595 | Fixed an issue where GlobalProtect users were unable to connect after upgrading to 6.2.3-270 and received a Your internet access is blocked error during SAML authentication using the embedded browser. |
| GPC-20527 | Fixed an issue where the Conditional Connect method configured for the GlobalProtect app did not work as expected when the user shifted from external network (home) to an internal network (office). Users had to reboot the system to resolve this issue. |
| GPC-20463 | Fixed an issue where the GlobalProtect status panel is not disabled at startup when the Display Status Panel at Startup parameter is set to no. |
| GPC-20442 | Fixed an issue on appliances running PanOS 10.1.11-h1 and GlobalProtect 6.0.10-811 where the tunnel status failed to update to connected immediately after establishment. This problem was specific to IPv4-only clients connecting to dual-stack (IPv4 + IPv6) GlobalProtect gateways or portals. |
| GPC-20427 | Fixed an issue where the GlobalProtect client on Windows 11 devices displayed an error message "The parameter is incorrect" when attempting to connect to a firewall running PAN-OS 10.1.13 with SAML authentication enabled. |
| GPC-20374 | Fixed an issue where users were unable to connect to GlobalProtect if they accidentally clicked decline on the Terms of Service page. |
| GPC-20157 | Fixed an issue where the gateway location was not correctlydisplayed in the Connections panel. |
| GPC-20143 | Fixed an issue where the user was redirected to the Authentication page twice on the default browser for both portal and gateway authentication when SAML was configured. |
| GPC-20114 | Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, the certificate information was incorrect during the portal login phase causing authentication failure. |
| GPC-20112 | Fixed an issue where the GlobalProtect HIP check incorrectly detected Real time protection status for Kaspersky Endpoint Security, which caused the device to fail the HIP check. |
| GPC-20091 | Fixed an issue where pre-logon failed when the computer was rebooted, when the machine store had an expired and active certificate. |
| GPC-20080 | Fixed an issue where the GlobalProtect logs displayed different event messages for Windows and macOS devices when the Allow User to Disable GlobalProtect App was set to Allow with Passcode for the GlobalProtect app. |
| GPC-20060 | Fixed an issue where it was possible for the GlobalProtect enforcer to be disabled when there was a network change during portal authentication. |
| GPC-20040 | Fixed an issue where GlobalProtect did not re-check for internal gateways when using cached portal configuration and an external network was previously detected. |
| GPC-19991 | Fixed an issue where client certificate authentication between embedded browser and IdP (SAML) fails. |
| GPC-19966 | Fixed an issue where the embedded browser was unable to load the Microsoft IdP login page for the users to authenticate to the GlobalProtect app. |
| GPC-19901 | Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, the app got disconnected and reconnected intermittently. |
| GPC-19889 | Fixed an issue where, when the GlobalProtect app was installed on Windows machine and Connect Before Logon (CBL) was configured for the app, the app did not start properly when the user logged on to the device. |
| GPC-19840 | Fixed an issue where Mac computers did not display all gateways in the Search Gateway tab. |
| GPC-19833 | Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the Smart card (Yubikey) authentication did not work when the device woke up from sleep mode. |
| GPC-19753 | Fixed an issue where the GlobalProtect icon could not be selected using the keyboard. |
| GPC-19751 | Fixed an issue where the programmatic and visual label for the GlobalProtect form field was not announced. |
| GPC-19686 | Fixed an issue where translation errors were observed in the GlobalProtect app for French localization. |
| GPC-19659 | Fixed an issue where macOS users were connected to the GlobalProtect app before they agreed to their company’s terms of service. |
| GPC-19513 | Fixed an issue where the GlobalProtect app was trying to use the old portal's authorization cookie to login instead of the newly migrated portal. This happened when the user changed from secondary portal to primary portal or vice versa without signing out. |
| GPC-19475 | Fixed an issue where users got connection errors in an embedded browser after the computer woke up from sleep or when the user switched gateways. |
| GPC-19433 | Fixed an issue where a small white blank page randomly popped up on the device screen distracting the users. This issue occurred while the device was connected to GlobalProtect app. |
| GPC-19373 | Fixed an issue where the HIP remediation pop up is displayed even when the user is disconnected. |
| GPC-18991 | Fixed an issue where the proxy auto-configuration (PAC) files were not restored as expected after a system reboot or when the user disconnected the GlobalProtect app. |
| GPC-18728 | Fixed an issue where the ‘I Agree’ option on the GlobalProtect app Welcome page did not work as expected when the user selected the option using a keyboard. |
| GPC-18702 | Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the “Allow Manually upgrade failed when the user tried to upgrade the GlobalProtect app version from 6.0.5 to 6.0.7. |
| GPC-18647 | Fixed an issue where the user reported an issue using the Report an Issue option on the GlobalProtect app and the issue was not reported as expected. |
|
GPC-17820
|
Fixed an issue where Firefox was not supported for proxied
traffic in Tunnel and Proxy mode or proxy mode.
|
| GPC-17727 | Fixed an issue where when the GlobalProtect app was connected in Tunnel and Proxy mode or proxy mode, SSH traffic could not be sent over the proxy. |
| GPC-16975 | Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, the screen reader did not announce the name of the GlobalProtect gateway when the gateway was marked with the star symbol. |
| GPC-15750 | Fixed an issue where a hyperlink in a HIP notification opened in the GPO-disabled Internet Explorer 11 browser instead of the default browser. |
GlobalProtect App 6.3.0 Addressed Issues
There are no addressed issues in GlobalProtect app 6.3.0 release.