Addressed Issues in GlobalProtect App 5.0

See the list of addressed issues in GlobalProtect app 5.0 for Android, iOS, Chrome, Windows, Windows 10 UWP, Mac, and Linux.
The following topic describes the issues addressed in GlobalProtect app 5.0 for Android, Chrome, Windows, Windows 10 UWP, Mac, and Linux.

GlobalProtect App 5.0.9 Addressed Issues (iOS Only)

The following table lists the issues that are addressed in GlobalProtect app 5.0.9 for iOS:
Issue ID
Description
GPC-9199
Fixed an issue where OKTA SMS verification does not work with the GlobalProtect app on iPhones running iOS 12.3 or 12.4.

GlobalProtect App 5.0.8 Addressed Issues (iOS Only)

The following table lists the issues that are addressed in GlobalProtect app 5.0.8 for iOS:
Issue ID
Description
GPC-8801
Fixed an issue on iOS endpoints where, if you set the
Save User Credentials
option to
Save Username Only
in the portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), users were unable to enter their username on the GlobalProtect authentication dialog that displayed when they connected to GlobalProtect from the iOS VPN settings (Settings > VPN > Status).
GPC-8705
Fixed an issue where the
Sign Out
button did not display in the GlobalProtect app after a user logged in using SAML authentication.

GlobalProtect App 5.0.7 Addressed Issues (iOS Only)

The following table lists the issues that are addressed in GlobalProtect app 5.0.7 for iOS:
Issue ID
Description
GPC-8538
Fixed an issue where the GlobalProtect app for iOS endpoints was unable to send logs because the GlobalProtect log file exceeded the maximum email attachment size limit.
GPC-8500
Fixed an issue on endpoints running iOS 12.1 where, if you configured
  • the GlobalProtect app to Save User Credentials (
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    Authentication
    ),
  • the GlobalProtect gateway to authenticate users through SAML authentication (
    Network
    GlobalProtect
    Gateways
    <gateway-config>
    Authentication
    <client-authentication-config>
    ),
  • and the GlobalProtect portal to generate cookies that the gateway could accept for authentication override (
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    Authentication
    and
    Network
    GlobalProtect
    Gateways
    <gateway-config>
    Agent
    Client Settings
    <client-settings-config>
    Authentication Override
    ),
users were required to authenticate to the gateway manually when establishing the GlobalProtect connection for the first time. This issue occurred because GlobalProtect used these cookies for gateway authentication only when the user authenticated to the portal with a saved username.

GlobalProtect App 5.0.6 Addressed Issues (iOS Only)

There are no addressed issues in GlobalProtect app 5.0.6 for iOS.

GlobalProtect App 5.0.5 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.0.5:
Issue ID
Description
GPC-9427
Fixed an issue where, when the GlobalProtect portal's external gateway was configured in different geographic locations, the GlobalProtect app hangs with a status of
Still Connecting
.
GPC-9421
Fixed an issue where delays were seen in connections when Enforce Global Protect for Network Access was set to
Enabled
.
GPC-9384
Fixed an issue with split tunneling on some Windows 10 versions that resulted in high CPU utilization following an upgrade of the GlobalProtect app. This was due to unreleased processes and operating system behavior that caused GlobalProtect to retain earlier GlobalProtect drivers.
GPC-9322
Fixed an issue on endpoints running macOS 10.14 where SSH sessions experienced latency over a GlobalProtect SSL tunnel.
GPC-9241
Fixed an issue where the HIP Report identified the Anti-Malware Definition date for Symantec as 01/01/1970.
GPC-9226
Fixed an issue where client certificate authentication was failing on Android 10 devices.
GPC-9221
Fixed an issue on Android devices where the GlobalProtect app displayed a
Portal not found
error when a valid client certificate could not be found.
GPC-9207
Fixed an issue where devices running macOS 10.14 could not initiate the SAML login page after a reboot.
GPC-9162
Fixed an issue where a user with a Windows UWP endpoint could not reconnect after a network change (for example, after the user moved from one location in a building to another).
GPC-9156
Fixed an issue with the GlobalProtect client on a Linux device could not connect if the password contained a less than character (<).
GPC-9134
Fixed an issue on Windows endpoints where the GlobalProtect Virtual Interface would not initialize properly after a reboot following GlobalProtect app upgrade, which prevented it from establishing the VPN tunnel.
GPC-9125
Fixed an issue where security policies were configured using HIP objects but traffic was denied for GlobalProtect users because GlobalProtect did not generate a HIP report, along with the error
Failed to create process PanGpHip.exe
.
GPC-9119
Fixed an issue where the GlobalProtect app could not connect for a long period of time (from 80 to 90 seconds) after a PC wakes up from sleep mode.
GPC-9108
Fixed an issue where, after you upgraded the GlobalProtect app to 5.0.3, the
Connect
button would become unresponsive after you disconnect and attempt to reconnect.
GPC-9045
Fixed an issue where GlobalProtect did not detect AhnLab v3 Lite as Anti-Malware software and did not report the software in the HIP report.
GPC-9027
Fixed an issue with localization of the GlobalProtect app in French where the translation of some strings was incorrect.
GPC-8976
Fixed an issue where users could not connect to the SAML provider.
GPC-8912
Fixed an issue in GlobalProtect for Linux that caused a new portal connection attempt to fail due to an issue in the GlobalProtect service, where it did not reset the error message from a previous connection attempt.
GPC-8824
Fixed an issue on macOS where GlobalProtect did not detect the Last Full Scan Time for Sophos Anti-Virus version 9.9.0 and therefore did not include it in the HIP report.
GPC-8819
Fixed an issue where the GlobalProtect app took up to 4 minutes to establish a tunnel, where the majority of the time was spent checking the revocation status of the server and client certificate chain due to unreachable revocation servers (OSCP responders or CRL distribution points).
GPC-8813
Fixed an issue where the HIP report included an older definition version when Symantec Hosted Endpoint Protection was installed on an endpoint.
GPC-8802
Fixed an issue with the GlobalProtect app on Windows devices where, after the user signed out, user credentials were preserved when the user signed in again. In all cases, the GlobalProtect app sends a message that the credentials will be cleared when the sign out button is clicked, and the user has the ability to confirm or cancel.
GPC-8790
Fixed an issue where GlobalProtect was not honoring the setting for
Wait Time Between VPN Connection Restore Attempts
and would stop attempting to restore the connection before the configured time.
GPC-8692
Fixed an issue where, when GlobalProtect was installed on Chromebooks and was set to
Always On
mode, SAML authentication prompted users that they had to log in after users rebooted or logged off.
GPC-8557
Fixed an issue where the HIP report displayed Real Time Protection as
n/a
when 360Safe was installed as an Anti-Spyware vendor.
GPC-8368
Fixed an issue on macOS devices where HIP reports could not determine the Real Time Protection Status associated with Norton Symantec Endpoint Protection.
GPC-8178
Fixed an issue on endpoints running iOS 12 where, if you set the
Save User Credentials
option to
Yes
in the portal agent configuration, the GlobalProtect app was unable to save user passwords.
GPC-7953
Fixed an issue on the GlobalProtect app for iOS endpoints where users could not connect to manually selected gateways.

GlobalProtect App 5.0.4 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.0.4:
Issue ID
Description
GPC-8979
Fixed an issue in environments that use GPO to configure DNS settings in advanced TCP/IP settings on Windows endpoints where GlobalProtect would modify the registry setting
UseDomainNameDevolution
registry value to 0. As a result of this setting, the GlobalProtect app overwrote the appended DNS suffixes and instead appended the parent suffixes of the primary DNS suffix.
GPC-8818
Fixed an issue on Mac endpoints where, if you enabled both split tunneling and
Enforce GlobalProtect for Network Access
(
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), users were unable to access network resources (except DNS services) when connected to internal gateways.
GPC-8804
Fixed an issue with an Always-On deployment, where if an endpoint wakes up before the resilient VPN timer expired, the GlobalProtect app did not connect to the preferred gateway even if the user had previously selected a preferred gateway. Now, if an endpoint wakes up after the resilient VPN timeout has expired, the GlobalProtect app first tries to establish a connection to the selected preferred gateway before initiating a connection to the best available gateway.
GPC-8788
Fixed an issue on Android endpoints where the GlobalProtect app was unable to send traffic through the VPN tunnel, thereby preventing users from accessing network resources.
GPC-8783
Fixed an issue where Android phones would auto-connect, even though the connect method was specified as
on-demand
.
GPC-8736
Fixed an issue where a Prisma Access user could not connect to the GlobalProtect portal, and the GlobalProtect app displayed a
restartgpa not set
error.
GPC-8720
Fixed an issue on Mac endpoints where, if you configured GlobalProtect with the
Pre-logon (Always On)
Connect Method
(
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), an authentication error message appeared intermittently after users authenticated to the GlobalProtect portal successfully using SAML authentication. If there is a load balancer for portals, the portal's assigned IP address should be sticky enough to allow SAML authentication to be successful.
GPC-8718
Fixed an issue on Linux endpoints where the PanGPA logs exposed passcodes used to import PKCS #12 certificate packages.
GPC-8678
Fixed an issue where, if you
Allow User to Disable GlobalProtect App
with a ticket number (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), the GlobalProtect app displayed the following error message when users entered the ticket number for a ticket on which you set the
Duration
to
0
:
The ticket is not valid. Please enter a valid ticket.
GPC-8655
Fixed an issue on Windows endpoints where, if you configured the GlobalProtect portal and gateway to authenticate users through both client certificate authentication and SAML authentication, users were unable to establish the GlobalProtect connection if you also enabled client certificate authentication on load balancers set up between the GlobalProtect app and the SAML IdP server.
GPC-8640
Fixed an issue on Windows endpoints where, if you configured GlobalProtect with the
Pre-logon (Always On)
or
Pre-logon then On-demand
Connect Method
(
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), the GlobalProtect app did not send any HIP reports to the gateway after the pre-logon tunnel was renamed to the user tunnel. When this issue occurred, the gateway was unable to perform HIP checks.
GPC-8628
Fixed an issue on Linux endpoints where using the
show --details
command did not return the name or FQDN of the connected GlobalProtect gateway.
GPC-8507
Fixed an issue where the GlobalProtect app for Windows endpoints was unable to perform internal host detection on endpoints that were also running SonicWall VPN Client.
GPC-8407
Fixed an issue in the HIP profile where GlobalProtect was intermittently unable to identify and display the
Last Full Scan Time
for Sophos Cloud Endpoint.
GPC-8285
Fixed an issue in the HIP profile where GlobalProtect was unable to detect Forcepoint DLP v8.3.
GPC-8227
Fixed an issue in the HIP profile where GlobalProtect was unable to detect Trend Micro Security on Mac endpoints.
GPC-7722
Fixed an issue on iOS endpoints where, if users connected to GlobalProtect through the iOS VPN settings (
Settings
General
VPN
), they were unable to enter their
Username
on the GlobalProtect app during portal login.
GPC-7640
Fixed an issue on endpoints running iOS 12 where, after users successfully authenticated to GlobalProtect using Okta multi-factor authentication, the GlobalProtect app was unable to connect to the GlobalProtect gateway. This issue occurred because GlobalProtect did not provide a connection timeout period during which the app could attempt to connect to the gateway. With this fix, the app now has 30 seconds to establish a connection with the gateway.
GPC-7464
Fixed an issue on endpoints running iOS 12 where, if you set the
Save User Credentials
option to
Yes
in the portal agent configuration, the GlobalProtect app was unable to save user passwords.
GPC-6216
Fixed an issue in the HIP profile where GlobalProtect was unable to identify and display the
Last Full Scan Time
for 360 Total Security.

GlobalProtect App 5.0.3 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.0.3:
Issue ID
Description
GPC-8871
Fixed an issue where the GlobalProtect app halted suddenly on Android endpoints that use 32-bit native libraries.
GPC-8657
Fixed an issue where the GlobalProtect app connected to low or lowest priority gateways instead of medium, high, or highest priority gateways due to latency issues.
GPC-8656
Fixed an issue where the GlobalProtect app was unable to connect to the portal following an upgrade. When the GlobalProtect installer removed the older version of the GlobalProtect service (PanGPS) from the endpoint, the endpoint was unable to update its list of installed services before the installer attempted to add the newer version of PanGPS. Because the installer continued to detect the older version of PanGPS in the installed services list, it was unable to install the newer version.
GPC-8639
Fixed an issue where the GlobalProtect app was unable to connect to internal gateways after the endpoint on which the app was installed woke up from sleep mode and connected to a different network.
GPC-8627
Fixed an issue on Linux endpoints where the GlobalProtect command line interface (CLI) displayed a truncated gateway list for the
show --manual-gateway
command when the list exceeded the maximum message queue size (900 bytes).
GPC-8617
Fixed an issue on Android endpoints where, if you configured the Windows User-ID Agent to collect host information from mobile endpoints that are managed by AirWatch, the GlobalProtect app did not set the
mobile_id
attribute to the unique device identifier (UDID) of the endpoint, as configured in the MDM. When this issue occurred, the HIP report from the GlobalProtect app was unable to merge with the HIP report from the Windows User-ID Agent, thereby causing the GlobalProtect gateway to generate an incorrect HIP report.
GPC-8595
Fixed an issue on Windows endpoints where, if you set the
Pre-Logon Tunnel Rename Timeout
to a positive value (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), the timeout notification message did not appear when users did not interact with the authentication prompt within the specified timeout period.
GPC-8589
Fixed an issue on Mac endpoints where, if you set the GlobalProtect
Connect Method
to
On-demand (Manual user initiated connection)
(
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), the GlobalProtect welcome page displayed only when users connected to GlobalProtect for the first time after rebooting their endpoint.
GPC-8584
Fixed an issue where, if you set the
Enable Resubmit Host Profile Option
to
No
in the portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), the
Resubmit Host Profile
option was not greyed out on the GlobalProtect Settings panel.
GPC-8571
Fixed an issue on Windows endpoints where saved GlobalProtect credentials were not removed from the Windows Credential Manager after users uninstalled the GlobalProtect app.
GPC-8565
Fixed an issue on Linux endpoints running RHEL 7.6 where the GlobalProtect app halted suddenly after continuous IPSec tunnel reconnections to the gateway.
GPC-8548
Fixed an issue on Windows endpoints where, if you configured a split tunnel to exclude traffic for a specific destination domain, users were unable to access the domain after their endpoints woke up from sleep mode.
GPC-8534
Fixed an issue on Windows endpoints where the GlobalProtect status panel did not display the list of manual external gateways associated with the logged in user immediately after the pre-logon tunnel was renamed to the user tunnel.
GPC-8533
Fixed an issue on Windows endpoints where the GlobalProtect status panel did not display the settings icon following an upgrade or fresh installation of GlobalProtect app 5.0.2. This issue occurred when users launched the GlobalProtect app from a Windows taskbar that was either positioned at the top of the main display or moved from the main display to an extended display prior to upgrade or installation.
GPC-8532
Fixed an issue where, if users switched from an external network to an internal network, the GlobalProtect app continued to attempt to resurrect the VPN tunnel to the external gateway after the specified
Automatic Restoration of VPN Connection Timeout
period (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
). When this issue occurred, users were unable to connect to the internal gateway.
GPC-8524
Fixed an issue on Windows endpoints where, if you configured GlobalProtect with the
Pre-logon (Always On)
Connect Method
(
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
), the GlobalProtect app was unable to perform HIP checks or send HIP reports when users logged in to the endpoint following a successful pre-logon connection.
GPC-8515
Fixed an issue where the GlobalProtect app for Linux referenced the incorrect certificate folder when searching for system certificates on endpoints running unsupported Linux distributions.
GPC-8495
Fixed an issue on Windows endpoints where, if you configured a split tunnel to exclude traffic for a specific destination domain, users were unable to access the domain after switching from a wired to wireless network connection.
GPC-8491
Fixed an issue on Windows endpoints where users were unable to connect to the GlobalProtect gateway if the source IP used to reach the gateway belonged to a different region than the source IP used to reach the portal.
GPC-8489
Fixed an issue where the GlobalProtect app remained in the
Connecting
state when users either responded to a multi-factor authentication (MFA) prompt incorrectly, clicked
OK
on an MFA prompt without entering a response, or did not respond to the MFA prompt within the allotted time period.
GPC-8466
Fixed an issue where the GlobalProtect tunnel disconnected every three hours due to a tunnel connection timeout.
GPC-8464
Fixed an issue on endpoints running macOS 10.14 where, if you configured a split tunnel to include traffic for a specific destination domain, the traffic was intermittently unable to traverse the VPN tunnel.
GPC-8455
Fixed an issue where users were unable to connect to GlobalProtect after upgrading to GlobalProtect app 5.0.1.
GPC-8404
Fixed an issue on Linux endpoints where users were unable to connect to the local gpd (GlobalProtect systemd) service when they executed any command from their endpoint.
GPC-8398
Fixed an issue on Windows and Mac endpoints running Traps where the GlobalProtect tunnel disconnected because HIP checks were unable to progress past the Traps data collection. When this issue occurred, the GlobalProtect app was unable to create a HIP report within the specified
Inactivity Logout
period (
Network
GlobalProtect
Gateways
<gateway-config>
Agent
Connection Settings
), thereby causing the session to time out.
GPC-8391
Fixed an issue on Windows endpoints where users were unable to change their passwords through the GlobalProtect credential provider when they logged in with usernames in the User Principal Name (UPN) format.
GPC-8366
Fixed an issue where Windows endpoints halted suddenly due to an
“IRLQL_NOT_LESS_OR_EQUAL”
error on the GlobalProtect filter driver (gpfltdrv.sys).
GPC-8353
Fixed an issue where GlobalProtect did not trigger the
Enforce GlobalProtect Connection for Network Access
option when users switched from internal gateways to external gateways.
GPC-8319
Fixed an issue where users were intermittently unable to connect to GlobalProtect after rebooting their endpoint due to a disconnection between the GlobalProtect app and GlobalProtect service.
GPC-8272
Fixed an issue on Mac endpoints where, if you configured the GlobalProtect portal or gateway to authenticate users through SAML authentication and Generate and Accept cookie for authentication override (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
Authentication
or
Network
GlobalProtect
Gateways
<gateway-config>
Agent
Client Settings
<client-settings-config>
Authentication Override
), users were required to authenticate twice when initiating a new GlobalProtect connection after the authentication cookie expired.
GPC-8268
Fixed an issue on Windows 10 endpoints where the GlobalProtect status panel automatically closed when traffic blocking notifications displayed, thereby hiding one-time password (OTP) prompts.
GPC-8189
Fixed an issue on the GlobalProtect app for Windows endpoints where, if you configured an external gateway to support both a specific Source Region with Highest Priority and a Source Region of Any with a Priority of Manual only (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
External
), the gateway did not appear on the Gateway drop-down for users in the source region with the highest priority.
GPC-7989
Fixed an issue where, if you defined specific source regions from which users could connect to an external gateway, users from other regions were able to connect to the gateway successfully.
GPC-7188
Fixed an issue on Mac endpoints where the firewall was unable to map users to IP addresses after the endpoint woke up from sleep mode exceeding three hours. This issue occurred because the IP address-to-user mapping times out on the firewall after three hours. With this fix, the GlobalProtect app sends a HIP report check request to the GlobalProtect gateway to refresh the IP address-to-user mapping after the endpoint wakes up from sleep mode exceeding three hours.

GlobalProtect App 5.0.2 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.0.2:
Issue ID
Description
GPC-8428
Fixed an issue on Windows endpoints where, if you configured GlobalProtect with the
Pre-logon (Always On)
Connect Method
(
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
) and set the
pre-logon-tunnel-rename-timeout
to
0
, the GlobalProtect app was unable to detect captive portals.
GPC-8375
Fixed an issue on the Japanese version of the GlobalProtect app for Android endpoints where the app halted suddenly when users selected the
ABOUT
option from the settings menu.
GPC-8374
Fixed an issue on Android endpoints where users were unable to authenticate to GlobalProtect if their username contained any spaces.
GPC-8356
Fixed an issue where, if you configured the GlobalProtect gateway to authenticate users through two-factor authentication using one-time passwords (OTPs) with SAML, the GlobalProtect app remained in the
Connecting
state after users authenticated to the gateway successfully.
GPC-8308
Fixed an issue where the GlobalProtect app for Android endpoints was unable to progress past the login success notification when users authenticated to the GlobalProtect portal using SAML authentication. This issue occurred if the GlobalProtect app ran in the background during SAML authentication.
GPC-8289
Fixed an issue on Mac endpoints where the launchctl process caused high CPU usage on the endpoint because of the GlobalProtect app.
GPC-8270
Fixed an issue on Windows 10 endpoints where, after the endpoint woke up from sleep mode, the GlobalProtect app incorrectly displayed the
Connected
status even though it was not connected to the GlobalProtect gateway.
GPC-8269
Fixed an issue on Windows endpoints where the GlobalProtect app halted suddenly when users clicked hyperlinks on custom help pages.
GPC-8266
Fixed an issue on endpoints running macOS 10.13 and later releases where GlobalProtect kernel extensions were unable to load on the endpoint after it woke up from sleep mode. When this issue occurred, the GlobalProtect app displayed the following error message intermittently: 
Some components of the GlobalProtect App could not be launched due to Operating System Settings. This may result in some network traffic being blocked. Please contact your IT administrator.
GPC-8226
Fixed an issue on Windows 10 endpoints where, if you configured GlobalProtect with the
Pre-logon (Always On)
Connect Method
(
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
) and set the
pre-logon-tunnel-rename-timeout
to a positive value (for example, 30 seconds), the GlobalProtect app handled the two-factor authentication challenge incorrectly during gateway authentication, thereby causing an authentication failure.
GPC-8214
Fixed an issue on Windows 10 endpoints in the German language where the GlobalProtect sign in dialog experienced display issues such as a truncated
Sign In
(
Anmelden
) label, untranslated content, and a missing colon (:) after the
Username
label.
GPC-8207
Fixed an issue on Windows endpoints where, if you configured the GlobalProtect gateway to authenticate users through two-factor authentication using one-time password (OTPs) with RADIUS, the GlobalProtect app forwarded single sign-on (SSO) passwords instead of OTPs to the gateway for authentication.
GPC-8206
Fixed an issue on Windows endpoints where the GlobalProtect service (PanGPS) restarted after network discovery.
GPC-8197
Fixed an issue on Windows 10 endpoints where, if you configured GlobalProtect with the
Pre-logon (Always On)
Connect Method
(
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
) and set the
pre-logon-tunnel-rename-timeout
to
0
, the GlobalProtect app incorrectly displayed the
Not Connected
state even though it detected the internal network successfully.
GPC-8195
Fixed an issue on Windows endpoints where the GlobalProtect pre-logon connection status remained as
Internal
after users restarted the endpoint and lost network connectivity.
GPC-8194
Fixed an issue on the GlobalProtect app for Windows endpoints where, if you configured the GlobalProtect portal to authenticate users through two-factor authentication with SAML and client certificate authentication, the app entered an authentication loop if it sent the incorrect client certificate to the portal.
GPC-8183
Fixed an issue where the GlobalProtect app for Windows endpoints remained in the
Connecting
state for an extended period of time after the endpoint woke up from sleep mode.
GPC-8174
Fixed an issue on Linux endpoints where the GlobalProtect command line interface (CLI) did not display any output for the
show - -manual-gateway
command when the output exceeded the maximum message queue size (1000 characters). With this fix, the GlobalProtect CLI splits command outputs that exceed the maximum message queue size into multiple messages.
GPC-8126
Fixed an issue on Windows endpoints where, if users moved the taskbar to a secondary monitor, GlobalProtect notification messages continued to appear on the original monitor.
GPC-8124
Fixed an issue on Windows endpoints where, if you enabled the
No direct access to local network
option and also configured a split tunnel to exclude specific access routes (
Network
GlobalProtect
Gateways
<gateway-config>
Agent
Client Settings
Split Tunnel
Access Route
), traffic for those access routes continued to go through the VPN tunnel.
GPC-7462
Fixed an issue in the HIP profile where GlobalProtect was unable to identify and display the correct Malware Definition Date when Symantec Endpoint Protection ran on Windows 7 endpoints.
GPC-7356
Fixed an issue on iOS endpoints where the DNS search list used to resolve domains was ignored in split tunnel mode.
GPC-7350
Fixed an issue on iOS endpoints where downloading a large app from the Apple App Store caused the GlobalProtect app to disconnect the VPN.
GPC-7321
Fixed an issue on iOS endpoints managed by AirWatch where the GlobalProtect app did not receive client certificates.
GPC-6925
Fixed an issue on iOS endpoints where the GlobalProtect tunnel disconnected abruptly and the app displayed a disconnected status (but no error) when a keep-alive and outbound tunnel packet were sent at the same time.
GPC-6973
Fixed an issue on iOS endpoints managed by AirWatch where the GlobalProtect app used an outdated VPN profile after receiving a new one from AirWatch.
GPC-6214
Fixed an issue in the HIP profile where GlobalProtect was unable to detect Dr. Web Security Space.

GlobalProtect App 5.0.1 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.0.1:
Issue ID
Description
GPC-8177
Fixed an issue where, if you configured both the GlobalProtect portal and gateway to authenticate users through SAML authentication, the GlobalProtect app for Android endpoints was unable to connect to the gateway due to a
Matching client config not found
error. This issue was caused by a mismatch between the username sent by the portal (
domain\username
) and the gateway (
username
).
GPC-8137
Fixed an issue where, if the GlobalProtect app was unable to connect to any external gateways after the endpoint woke up from sleep mode, it automatically connected to gateways with only the
Low
or
Lowest
Priority
when rediscovering the network.
GPC-8109
Fixed an issue with the
Pre-logon (Always On)
Connect Method
where, if you configured GlobalProtect to authenticate users through multi-factor authentication with SAML and you set the
pre-logon-tunnel-rename-timeout
to
0
, Windows users were not automatically prompted to log in to GlobalProtect after logging in to the endpoint.
GPC-8079
Fixed an issue with the
Pre-logon (Always On)
Connect Method
where user tunnel creation failed on Windows endpoints if you configured the following settings:
  • The GlobalProtect portal or gateway authenticates users through SAML authentication.
  • The portal and gateway generate and accept cookies for authentication override (
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    Authentication
    ).
  • The
    Save User Credentials
    option is set to
    Save Username Only
    (
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    Authentication
    ).
  • The
    Use Single Sign-On
    option is set to
    No
    (
    Network
    GlobalProtect
    Portals
    <portal-config>
    Agent
    <agent-config>
    App
    ).
GPC-8055
Fixed an issue on Mac endpoints where, if you configured the GlobalProtect portal to authenticate users through two-factor authentication using client certificates, and you also specified an extended key usage OID with certificate lookup in both the machine store and user store, users were able to authenticate to the portal successfully using a certificate with no OID or an incorrect OID.
GPC-8036
Fixed an issue where the GlobalProtect app for Windows 10 UWP did not send HIP reports to the firewall from domain-joined Azure AD endpoints, thereby causing these users to timeout and disconnect from GlobalProtect.
GPC-8020
Fixed an issue on Mac endpoints where the following notification message appeared when users launched GlobalProtect app 5.0 for the first time. This notification message prompted users to enter their Mac password so that the GlobalProtect service (PanGPS) could access and use client certificates from the login keychain.
PanGPS wants to use your confidential information stored in “Configuration Profiles” in your keychain. To allow this, enter the "login" keychain password.
GPC-8002
Fixed an issue on Android endpoints where, if you set the
Save User Credentials
option to
Yes
in the portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
Authentication
), the GlobalProtect app was unable to save the username and password after users either stopped the app from running in the background or restarted the endpoint.
GPC-7745
Fixed an issue in the HIP profile where GlobalProtect was unable to identify and display the
Last Full Scan Time
when Trend Micro Titanium ran on Windows and Mac endpoints.
GPC-7662
Fixed an issue on Windows and Mac endpoints where the GlobalProtect app was intermittently unable to save usernames when you set the
Save User Credentials
option to
Save Username Only
in the portal agent configuration (
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
Authentication
). When this issue occurred, users were unable to retrieve their cached portal configuration.
GPC-7449
Fixed an issue on Mac endpoints where, if you configured the GlobalProtect portal or gateway to authenticate users through multi-factor authentication with SAML, users were intermittently unable to authenticate successfully when attempting to connect to GlobalProtect.
GPC-7422
Fixed an issue on Mac endpoints where the GlobalProtect HIP process (PanGpHip) caused high CPU usage on the endpoint after users connected to GlobalProtect.
GPC-7294
Fixed an issue where, in some instances, when the GlobalProtect app for iOS connected to a GlobalProtect portal, the Cannot Verify Server Identity dialog appeared even if a valid server certificate was sent from the portal.
GPC-5476
Fixed an issue with the pre-logon connect method where user tunnel creation failed if you configured the gateway to authenticate users through two-factor authentication.

GlobalProtect App 5.0.0 Addressed Issues

There are no addressed issues in GlobalProtect app 5.0.0.

Related Documentation