Changes to Default Behavior in GlobalProtect App 5.2

Changes to default behavior in GlobalProtect app 5.2.
The following topic describes changes to default behavior in GlobalProtect app 5.2:

Changes to Default Behavior in GlobalProtect App 5.2.12

There are no changes to default behavior in GlobalProtect app 5.2.12.

Changes to Default Behavior in GlobalProtect App 5.2.11

There are no changes to default behavior in GlobalProtect app 5.2.11.

Changes to Default Behavior in GlobalProtect App 5.2.10

There are no changes to default behavior in GlobalProtect app 5.2.10.

Changes to Default Behavior in GlobalProtect App 5.2.9

As part of the security hardening improvements for connect before login deployments using SAML authentication, the behavior of the embedded browser used to communicate with the IdP has changed to prevent users from navigating to other domains. Now, the connect before login feature automatically adds the portal, gateway, and main domain of the IdP to the trusted domain list, and prevents the user from navigating to other domains. In cases where the IdP landing page uses additional domains (for example to handle MFA authentication), you must manually add the additional domains as a comma-separated list to the
TrustedIdPDomains
registry value under the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\CBL
.

Changes to Default Behavior in GlobalProtect App 5.2.8

(
Windows only
) Starting with GlobalProtect app 5.2.8, a new installation restriction is introduced. With this change, users cannot install GlobalProtect app 5.2.8 and later versions on Windows 7 devices.

Changes to Default Behavior in GlobalProtect App 5.2.7

(
Windows only
) Starting with GlobalProtect app 5.2.7, a new downgrade restriction is introduced. With this change, end users are restricted from downgrading to GlobalProtect app 5.1.5 and earlier versions from 5.2.7 and later versions. The PanGPS.log file will now display the
AutoUpdater - file C:\Program Files\Palo Alto Networks\GlobalProtect\globalprotect.msi version is too old
error message. Refer to the knowledge base article at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VQ1 for more information.

Changes to Default Behavior in GlobalProtect App 5.2.6

The following table describes changes to default behavior in GlobalProtect app 5.2.6:
Feature
Description
HIP Checks
(Windows, macOS, Windows UWP, Android, iOS, and Linux)
Starting with GlobalProtect app 5.2.6, support for OPSWAT SDK V3 (end-of-life) will be removed and the GlobalProtect app will only use OPSWAT SDK V4. Vendor and product names are based on OPSWAT SDK V4. GlobalProtect app 5.2.6 and later release HIP check functionality will not work with PAN-OS 8.0 (end-of-life) and earlier releases (end-of-life). GlobalProtect app 5.2.6 and later release HIP check functionality will work as expected with PAN-OS 8.1 and later releases.

Changes to Default Behavior in GlobalProtect App 5.2.5

There are no changes to default behavior in GlobalProtect app 5.2.5.

Changes to Default Behavior in GlobalProtect App 5.2.4

There are no changes to default behavior in GlobalProtect app 5.2.4.

Changes to Default Behavior in GlobalProtect App 5.2.3

There are no changes to default behavior in GlobalProtect app 5.2.3.

Changes to Default Behavior in GlobalProtect App 5.2.2

There are no changes to default behavior in GlobalProtect app 5.2.2.

Changes to Default Behavior in GlobalProtect App 5.2.1

There are no changes to default behavior in GlobalProtect app 5.2.1.

Changes to Default Behavior in GlobalProtect App 5.2.0

There are no changes to default behavior in GlobalProtect app 5.2.0.

Recommended For You