End-of-Life (EoL)
Limitations
The following table lists the limitations associated with the GlobalProtect app 4.1 release.
Issue ID | Description |
---|---|
GPC-7772 | If you configure the GlobalProtect portal or gateway to authenticate users through Kerberos single sign-on (SSO) and the SSL handshake also requires machine certificate authentication (for example, with the pre-logon connect method), Kerberos SSO authentication fails if you import the user’s machine certificate to only the machine certificate store. Workaround: Import the machine certificate to both the machine certificate store and user certificate store. |
GPC-7226 | The GlobalProtect app for Linux can import only client certificates onto connecting endpoints for certificate-based portal and gateway authentication. The app cannot import the entire certificate chain, which includes the trusted root CA certificate and the intermediate CA certificate. Workaround: Import the trusted root CA certificates and intermediate CA certificates used to sign client certificates onto your firewall (Device > Certificate Management > Certificates > Device Certificates). Add those CA Certificates to the client certificate profile (Device > Certificate Management > Certificate Profile > <cert-profile>). |
GPC-6663 | The GlobalProtect app for iOS does not support SAML authentication when you configure GlobalProtect with the User-logon (Always On) Connect Method (Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App). |
GPC-6394 | If you configure a split tunnel to exclude traffic for a specific destination domain, users with endpoints running macOS 10.13 and later releases must use one of the following options to manually enable their endpoint to allow GlobalProtect to exclude the traffic from the VPN tunnel: This limitation is due to the Apple User-Approved Kernel Extension Loading feature, in which users must approve new third-party kernel extensions manually. If users do not allow the kernel extension to load or do not enable Palo Alto Networks as a trusted developer on their endpoint, traffic for the specified destination domain cannot be excluded from the VPN tunnel. |
GPC-5543 | On macOS endpoints, native modal notification dialogs (such as the GlobalProtect update installation dialog) open behind the GlobalProtect status panel if they overlap. |
GPC-5346 | When users connect to Windows 10 endpoints using the Microsoft Remote Desktop Connection, they cannot authenticate and establish a connection to GlobalProtect using single sign-on (SSO) because Remote Desktop Services (RDS)—which enables users to access and run applications on the remote desktop—does not support SSO with non-native Windows credentials. If users initiate a remote desktop connection using credentials from the GlobalProtect Credential Provider, they must manually re-enter their credentials on the GlobalProtect Credential Provider logon screen (when prompted) to access the endpoint and establish the GlobalProtect connection. |