Fixed an issue where, in the GlobalProtect app on macOS, keyboard focus did not automatically move to the required "Enter portal Address" field when a user attempted to add a new portal without entering an address. This accessibility issue impacted keyboard-dependent users.

Fixed an issue where the firewall, when configured to obtain IP addresses from a DHCP server for GlobalProtect clients, sent a MAC address of '00' to the DHCP server specifically for MacOS 26 (Tahoe) clients running GlobalProtect App versions 6.2 or 6.3, which resulted in IP address collisions on the DHCP server.

Fixed an issue where the GlobalProtect Connect Before Logon tunnel disconnected for new users on their first logon. This issue affected GP client versions 6.2.8-hx and 6.3.3-hx.

Fixed an issue where the GlobalProtect Portal welcome page, when displayed in German, incorrectly presented a button labeled 'Genau' instead of 'Zustimmen' (Accept).

Fixed an issue where GlobalProtect clients, after upgrading to versions 6.2.8-263, 6.3.3-h2, or 6.3.3-h3, would get stuck in a connecting loop and fail to connect to the portal or gateways. This occurred because the GlobalProtect app crashed when attempting to delete previous SAML user data, specifically when the user data folder path contained non-ANSI characters that the app could not convert to a UTF-16 path.

Fixed an issue where split tunneling domain exclusions on GlobalProtect App version 6.3.3-C711 for Windows clients failed to function as expected after the application disconnected and reconnected. This resulted in traffic for domains configured for exclusion being incorrectly routed through the VPN tunnel instead of directly, because the TTLMap for split tunneling domain rules was not properly cleared when the GlobalProtect App re-established its connection.

Fixed an issue where GlobalProtect clients on macOS devices, specifically version 6.3.3-h2, were unable to resolve internal IPv6 domains when split tunneling was enabled and the operating system lacked native IPv6 connectivity. This occurred because the client's logic, which was designed to apply IPv6 configuration only when the OS already had native IPv6 connectivity, prevented the GlobalProtect tunnel from properly handling IPv6 traffic, resulting in "Err name not resolved" errors for internal FQDNs.

Fixed an issue where GlobalProtect portal authentication failed for some macOS users when attempting to use saved credentials. This issue, observed on GlobalProtect client versions 6.2.8 and 6.3.3, resulted in an immediate authentication failure on the client and firewall logs indicating an invalid username or password, even though the credentials were valid for other macOS clients.

Fixed an issue where the Host Information Profile (HIP) banner was not displayed on Windows 11 client machines running GlobalProtect client versions 6.2.8-h7 and 6.3.3. This occurred due to a timing or race condition where the GlobalProtect client (PanGPA) received an outdated status, preventing the visual display of HIP match or not-match notifications, even though the messages were recorded in the client logs.

Fixed an issue where, after a client machine regained internet access, Network Discovery was skipped due to the fed-mandate-accept setting, preventing automatic reconnection to the Prisma Access gateway. This occurred when the device switched from a non-internet-accessible Ethernet connection to a 5G connection.

Fixed an issue where GlobalProtect Client version 6.2.8 running in Windows 365 environments, would experience PanGPA getting stuck during the tunnel rename process. This prevented successful gateway authentication and registration after users closed and re-opened their Windows 365 session, leading to a pop-up message prompting users to re-authenticate.

Fixed an issue where the GlobalProtect agent on macOS devices entered a connecting loop when attempting to connect to an IPv6 gateway due to a missing gateway preservation in the original script. This resulted in the tunnel interface capturing the route to the gateway and an infinite retry loop.

Fixed an issue where AAAA DNS records were not working when connected to GlobalProtect client versions 6.2.8-c243 or 6.2.8-c263, preventing successful IPv6 connections. This issue occurred when split tunnel is not configured, causing the IPv6 DNS settings to be incorrectly set.

Fixed an issue where GlobalProtect clients on macOS devices, after upgrading to version 6.2.8-h2, were unable to connect to the authentication server. This occurred because incorrect logic in the GlobalProtect Agent code prevented the Webview Process ID from syncing with the Network Extension process, causing the Network Extension to block SAML authentication traffic, resulting in a "Could not connect to the authentication server" error and a blank embedded browser during SAML authentication.

Fixed an issue where GlobalProtect clients running version 6.2.8-h1 (6.2.8-c223) experienced intermittent connection failures and disconnections, with the client agent getting stuck in a 'connecting' state even when backend logs indicated a successful connection. This occurred because, when conditional connect mode was enabled, the client attempted to impersonate a user and write On-Demand settings to the user's registry hive (HKEY_CURRENT_USER) during pre-logon. As no user was logged in at that stage, user impersonation failed, leading to incorrect registry access or failed registry operations, which caused service instability or misconfiguration.

Fixed an issue where, on Windows endpoints running GlobalProtect, roaming user profile data was not written or sent to the server shared folder over SMB (TCP/445) during user logoff or system reboot when the GlobalProtect client was connected to the internal corporate network.

Fixed an issue where GlobalProtect client 6.1.1-5 would select the incorrect Windows tile by default after locking the screen when using Single Sign-On for Smart Card PIN (Windows) with the Yubikey Smart Card Minidriver. When multiple smart cards were present, GlobalProtect incorrectly selected the last enumerated card instead of the currently active one.