GlobalProtect App 5.0 Known Issues

See the list of the known issues in GlobalProtect app 5.0.
The following table describes known issues in the GlobalProtect app 5.0 releases.
Issue ID
This issue is now resolved. See GlobalProtect App 5.0.1 Addressed Issues.
When users launch GlobalProtect app 5.0 for Mac endpoints for the first time, the following notification message appears, prompting users to enter their Mac password so that the GlobalProtect service (PanGPS) can access and use client certificates from the login keychain:
PanGPS wants to use your confidential information stored in “Configuration Profiles” in your keychain.

To allow this, enter the "login" keychain password.
Workaround: Enter your Mac Password and then Always Allow PanGPS to use the password.
This issue is now resolved. See GlobalProtect App 5.0.1 Addressed Issues.
In some instances, when the GlobalProtect app for iOS connects to a GlobalProtect portal, the Cannot Verify Server Identity dialog appears even if a valid server certificate is sent from the portal.
Workaround: Tap Continue to proceed with the GlobalProtect connection.
This issue is now resolved. See GlobalProtect App 5.0.2 Addressed Issues.
If you use AirWatch to push an updated VPN profile to managed iOS endpoints that are currently connected to GlobalProtect, the endpoints continue to use the old version of the VPN profile even after they successfully receive the updated VPN profile.
When users establish a GlobalProtect connection for the first time on iPads running iOS 11.1, and they Don’t Allow GlobalProtect to send them notifications, the Settings -> GlobalProtect link on subsequent notification permission reminders does not open.
Workaround: Upgrade your iPad to iOS 11.3 or a later version.
If you remain on iOS 11.1, you can enable GlobalProtect to send you notifications by going to the GlobalProtect notification settings on your iPad (SettingsNotificationsGlobalProtect) and then selecting Allow Notifications.
On macOS endpoints, the GlobalProtect app can’t detect the following Anti-Malware information for the HIP Match log details of the Gatekeeper security feature (MonitorLogsHIP Match<hip-match-log>):
  • Engine Version
  • Definition Version
  • Date
  • Last Scanned
Proxies are disabled after you establish the GlobalProtect connection on macOS endpoints because proxy settings are not copied from the physical network adapter of the endpoint to the virtual network adapter of the endpoint, and the virtual network adapter becomes the primary adapter from which the macOS endpoint receives proxy settings.
When a user first logs in to a GlobalProtect VPN that uses SAML authentication with pre-logon enabled, the tunnel rename (from pre-logon to user logon) fails, the pre-logon tunnel is disconnected, and the user is prompted to re-authenticate.
The firewall does not generate a notification for the GlobalProtect app when the firewall denies an unencrypted TLS session due to an authentication policy match.

Related Documentation