End-of-Life (EoL)

GlobalProtect App 4.0.3 Addressed Issues

The following table lists the issues that are addressed in the GlobalProtect™ app 4.0.3 release.
Issue ID
Description
GPC-4415
Fixed an issue where user authentication to a GlobalProtect portal failed after an endpoint connected through the pre-logon method because GlobalProtect did not change the session username from
pre-logon
to the username of the user.
GPC-4404
Fixed an issue in the GlobalProtect app interface where clicking
Connect
displayed the misleading message
Disconnected
for five to six seconds before the message changed to
Connecting
and finally to
Connected
. With this fix, the interface does not display
Disconnected
when the GlobalProtect app initiates a connection.
GPC-4401
A security-related fix was made to prevent an image path execution hijacking vulnerability on GlobalProtect apps (CVE-2017-15870).
GPC-4377
Fixed an issue where the firewall frequently, randomly disconnected end users from GlobalProtect because socket closures terminated SSL sessions.
GPC-4357
Fixed an issue where GlobalProtect gateway connections failed if you configured the GlobalProtect portal to enable users to manually connect with gateways on a port number (
Network
GlobalProtect
Portal
<portal_configuration>
Gateways
).
GPC-4353
Fixed an issue where Opswat initialization failure brought down the VPN tunnel because the GlobalProtect app did not send a host information profile (HIP) report to the GlobalProtect gateway. with this fix, the GlobalProtect app sends its cached HIP report if Opswat initialization fails.
GPC-4352
As an enhancement to support the KEXT loading change introduced in macOS 10.13, you can now install GlobalProtect app 4.0.3 and later releases on endpoints running macOS 10.13.
GPC-4351
Fixed an issue where the GlobalProtect app displayed the login passcodes for GlobalProtect clients as cleartext in the GlobalProtect client logs and in the memory space for the PANGPA process. With this fix, the GlobalProtect app does not display login passcodes in the GlobalProtect client logs and clears the passcode field in memory after use.
GPC-4309
Fixed an issue where end users on Windows 10 endpoints could not use the user principal name (UPN) format to log in through a GlobalProtect tile if you configured single sign-on (SSO) wrapping for third-party credential providers.
GPC-4305
Fixed an issue where host information profile (HIP) reports displayed incorrect dates for the antivirus software on GlobalProtect clients.
GPC-4301
Fixed an issue where GlobalProtect clients sent previously used One-Time Passwords (OTPs) to the GlobalProtect gateway even when two-factor authentication was enabled for app configurations on the GlobalProtect portal (
Network
GlobalProtect
Portals
<portal_configuration>
Agent
<agent_configuration>
Authentication
). With this fix, GlobalProtect clients do not reuse OTP passwords.
GPC-4300
Fixed an issue where GlobalProtect connections failed after you changed the connection settings to use an external gateway without a proxy server instead of an internal gateway with a proxy server.
GPC-4284
Fixed an issue where, when the GlobalProtect internal gateway and GlobalProtect portal were in different regions, the GlobalProtect app displayed the message
Your device cannot connect to GlobalProtect due to a network issue
even though users could successfully connect to the gateway. With this fix, the GlobalProtect app no longer displays that message when users connect to the gateway.
GPC-4282
Fixed an issue where iOS endpoints had slow file and data transfer rates through a GlobalProtect VPN tunnel.
GPC-4251
Fixed an issue where the firewall sent URL-encoded passwords to a remote authentication server if end users chose to
Cancel
authentication to a GlobalProtect gateway and you configured GlobalProtect apps to
Save User Credentials
(
Network
GlobalProtect
Portals
<GlobalProtect-portal-config>
Agent
<agent_config>
Authentication
).
GPC-4242
Fixed an issue where the Japanese language version of the GlobalProtect app interface displayed the incorrect text for the
Portal
label.
GPC-4213
Fixed an issue where mobile endpoints running Windows 10 Universal Windows Platform (UWP) did not connect to the GlobalProtect portal and displayed one of the following error messages:
client cert invalid
or
no certificate found
.
GPC-4209
Fixed an issue where GlobalProtect apps did not accurately enforce the Login Lifetime (
Network
GlobalProtect Gateways
<gateway_configuration>
Agent
Timeout Settings
).
GPC-4207
Fixed an issue on laptops running Windows 10 with BitLocker encryption where GlobalProtect briefly displayed the date and time every 30 seconds in the Windows login prompt.
GPC-4204
Fixed an issue where the GlobalProtect app did not collect Missing Patches information about GlobalProtect clients as specified in the host information profile (
Objects
HIP Objects
<HIP_object_configuration>
Patch Management
).
GPC-4196
Fixed an issue where GlobalProtect remained connected to endpoints after end users removed the USB smart card even if you set Retain Connection on Smart Card Removal to No for GlobalProtect apps (
Network
GlobalProtect Portals
<portal_configuration>
Agent
<agent_configuration>
App
).
GPC-4188
Fixed an issue where the German language version of the default warning message for password expiration had a typo.
GPC-4187
Fixed an issue where, after rebooting, Windows laptops did not display the list of GlobalProtect gateways that end users could manually select for connecting through certificate-based authentication.
GPC-4147
Fixed an issue where, instead of notifying the end user when gateway authentication failed due to an incorrect password, GlobalProtect displayed the Authentication Message (
Network
GlobalProtect
Portals
<portal_configuration>
Authentication
<client_authentication_configuration>
) and prompted the user to re-enter the password. With this fix, GlobalProtect displays
Authentication Failed
and then the
Authentication Message
if the user enters the wrong password.
GPC-4137
Fixed an issue where the GlobalProtect app on Mac OS X endpoints failed to set the primary IPv6 DNS address to the virtual adapter.
GPC-3998
Fixed an issue on Mac endpoints where the GlobalProtect app disconnected and did not recover the default route for a VPN split tunnel after the endpoints came out of sleep mode or moved between access points.

Recommended For You