Addressed Issues in GlobalProtect App 5.2
Focus
Focus
GlobalProtect

Addressed Issues in GlobalProtect App 5.2

Table of Contents

Addressed Issues in GlobalProtect App 5.2

See the list of addressed issues in GlobalProtect app 5.2 for Android, iOS, Chrome, Windows, Windows 10 UWP, and macOS.
The following topic describes the issues addressed in GlobalProtect app 5.2 for Android, iOS, Chrome, Windows, Windows 10 UWP, macOS, and Linux.

GlobalProtect App 5.2.13-c418 Addressed Issues

This release contains security-related fixes.

GlobalProtect App 5.2.13 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.13 for macOS and Windows.
Issue ID
Description
GPC-16878
Fixed an issue where the GlobalProtect HIP check incorrectly detected Definition Version for Cortex XDR, which caused the device to fail the HIP check.
GPC-16713
Fixed an issue where Connect Before Logon would unexpectedly fall back to username and password authentication after a failed SAML authentication attempt to the gateway.
GPC-16601
Fixed an issue where connect before logon would get stuck at Connecting if on an internal network with internal gateways.
GPC-16495
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, the GlobalProtect cookie stopped working when CIS Benchmark 5.1.1 (Center for Internet Security) was applied for mac OS 12 Monterey to safeguard internet services.
GPC-16449
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS with split tunnel based on domain, the split tunnel did not work as expected after the system woke up from sleep mode.
GPC-16346
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check took longer than expected to collect the HIP information and also displayed HIP pop-up error messages for antivirus software, which caused the device to fail the HIP check.
GPC-16289
Fixed an issue where, when the GlobalProtect app was configured with split tunnel to exclude traffic, users could not access the excluded Airtel 4G PPP dongle application since the Airtel PPP default traffic route was removed.
GPC-16144
Fixed an issue where the GlobalProtect app failed to detect Cisco Secure Endpoint anti-malware software installed on the device.
GPC-16135
Fixed an issue where the GlobalProtect app connection failed when Windows 10 21H2 users tried to switch to another Windows user account on the device.
GPC-16119
Fixed an issue where the GlobalProtect app was installed on devices running macOS, the GlobalProtect HIP check failed to detect the Real time protection status for Symantec Endpoint Protection.
GPC-16056
Fixed an issue where GlobalProtect HIP check did not detect the name of the Trellix Agent correctly which caused the device to fail the HIP check.
GPC-16055
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, the app did not display 'Authentication Failed' when the user entered an incorrect RSA SecureID.
GPC-16029
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, users were prompted for certificate selection even when the Extended Key Usage OID for Client Certificatewas configured in the App Configurations area of the GlobalProtect portal configuration.
GPC-15972
Fixed an issue where the GlobalProtect HIP check did not detect the Real-Time Protection status correctly for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-15933
Fixed an issue where, when the GlobalProtect app was installed and connected on devices, the HIP check process was delayed and the tunnel was disconnected after 2 hours.
GPC-15923
Fixed an issue where the GlobalProtect app did not detect real-time protection status for Sophos Endpoint Protection, which caused the device to fail the HIP check.
GPC-15812
Fixed an issue where the split tunnel feature did not work as expected on devices running macOS Monterey 12.X and Chrome Browser 104.0.5112.79
GPC-15699
Fixed an issue where the GlobalProtect HIP check did not detect the McAfee antivirus software, causing the device to fail the HIP check.
GPC-15686
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, and when the user executed the command to disable the app, a new line break was added after the timestamp value in the command which caused parsing issues and created incorrect GlobalProtect log messages.
GPC-15663
Fixed an issue where when the GlobalProtect app was deployed for pre-logon and when users tried to change their Windows password, users were prompted to enter only a new password. The app did not prompt users to enter their old password while changing the password.
GPC-15658
Fixed an issue where the GlobalProtect app was connected to a different gateway and not the preferred gateway when the device woke up from sleep mode. The users had to select the preferred gateway manually to connect to the GlobalProtect app.
GPC-15636
Fixed an issue where the GlobalProtect HIP check failed to detect the Real time protection status for Sophos Endpoint Protection.
GPC-15631
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS and the app did not start right away after a system reboot.
GPC-15592
Fixed an issue where the GlobalProtect HIP check failed to detect the Definition Version for Sophos Endpoint Protection, which caused the device to fail the HIP check.
GPC-15553
Fixed an issue where the GlobalProtect app got disconnected after 3 hours.
GPC-15548
Fixed an issue where users were unable to connect to the GlobalProtect app when users restarted the device from the hibernation mode.
GPC-15537
Fixed an issue where the GlobalProtect HIP check did not detect the correct Anti-Malware information for the Last Full Scan Time for Sophos Endpoint Protection, which caused the device to fail the HIP check.
GPC-15485
Fixed an issue where the GlobalProtect HIP check did not detect the Real-Time Protection status for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
GPC-15439
Fixed an issue where the GlobalProtect app was installed on iOS devices and the GlobalProtect app failed to collect HIP data and the Host Information tab on the device failed to display information.
For the app to display the HIP information, user must update or remove expired certificates from the system.
GPC-15424
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and when the user tried to start the GlobalProtect app using Windows Start menu, the Windows Installer (Msiexec) did not work as expected due to which the app was getting reinstalled on the device.
GPC-15338
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS and when the GlobalProtect gateway was configured to exclude routes, the excluded routes were removed from the original routing table when users disconnected the app.
GPC-15315
Fixed an issue where the GlobalProtect HIP check detected incorrect Anti-Malware information for Definition Date for Sophos Endpoint Protection.
GPC-15260
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS and GlobalProtect enforcer was configured with allowed FQDNs, users were still able to access the internet and other public domains.
GPC-15255
Fixed an issue where the GlobalProtect HIP check detected the device as Windows firewall enabled even though the firewall was disabled on the device.
GPC-15219
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude application traffic for Zoom, excluded Zoom traffic was still forwarded through the tunnel.
GPC-15205
Fixed an issue where the HIP check process stopped running and the tunnel was disconnected after 3 hours.
GPC-15200
Fixed an issue where the GlobalProtect app did not save the username after Kerberos SSO authentication following which the app could not use the GlobalProtect cached portal configuration. Users had to manually add the username to the Windows registry.
GPC-15149
Fixed an issue where the GlobalProtect app got disconnected due to an incorrect HIP check after the system woke up from sleep mode or when the system was restarted.
GPC-15144
Fixed an issue where, when the GlobalProtect app was installed on Windows 11, version 22 H2 devices, the HIP information for patch management was not collected and the Patch Management section of the Host Profile tab failed to display the HIP details.
GPC-15072
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for Sophos Endpoint Protection and Microsoft Monitoring Agent, which caused the device to fail the HIP check.
GPC-15056
Fixed an issue where the users were not prompted for Multi-Factor Authentication (MFA) even after entering their credentials using IdP (Identity Providers).
GPC-14973
Fixed an issue where the GlobalProtect app stopped working abruptly.
GPC-14770
Fixed an issue where the HIP check process stopped running and the tunnel was disconnected after 3 hours.
GPC-14725
Fixed an intermittent issue where the users were unable to connect to the GlobalProtect app, when the app used cached portal configuration.
GPC-14672
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and No direct access to local network option was enabled with access routes excluded from the GlobalProtect VPN tunnel, the excluded traffic was not sent through the physical adapter on the endpoint. Following this, users were unable to access the local physical network devices such as printers.
GPC-14609
Fixed an issue where the HIP check did not detect the Sentinel One RTP and definition date properly, which caused the HIP check to fail.
GPC-14439
Fixed an issue where, when split tunnel was configured on the GlobalProtect app to exclude destination domain traffic that included a slash character (/) for sub-page domain names, the slash character (/) was not displayed in the sub-page domain names in the exception list.
GPC-13752
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the SAML login page to authenticate Network Discovery was not properly displayed.

GlobalProtect App 5.2.12 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.12 for macOS and Windows.
Issue ID
Description
GPC-15193
Fixed an issue where the GlobalProtect app failed to connect when the embedded browser was closed after Okta authentication.
GPC-15179
Fixed an issue where, when the No Direct Access to local network option was enabled on GlobalProtect gateway, the GlobalProtect users’ loopback interface network was masked causing connection failure.
GPC-15169
Fixed an issue where, when the Allow GlobalProtect UI to Persist for User Input was enabled and the machine was restarted, the GlobalProtect app did not show up on the screen. The browser directly opened the SAML login page and the app worked only in the background after successful authentication.
GPC-15155
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the language was set to Japanese, the password field for disabling the app was not properly displayed.
GPC-15073
A fix was made to address an OpenSSL infinite loop vulnerability in GlobalProtect app software (CVE-2022-0778).
GPC-15062
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the connection became unstable when the user clicked the Click here or Retry button on the default browser page for SAML authentication.
GPC-15050
Fixed an issue where the GlobalProtect HIP check did not detect the Last Scan Date for Cortex XDR, which caused the device to fail the HIP check.
GPC-15030
Fixed an issue where the GlobalProtect app prompted users to re-enter the gateway login credentials even though the save-user credentials was configured.
GPC-15029
Fixed an issue where the GlobalProtect app displayed the incorrect copyright year on the app.
GPC-15017
Fixed an issue where GlobalProtect users were unable to connect using Connect Before Logon because the app got stuck during the SAML authentication stage.
GPC-14959
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect logs displayed password information when the password contained the (<) character.The password characters succeeding the (<) character were displayed in the logs.
GPC-14943
Fixed an issue where the GlobalProtect app connection failed after the app was upgraded to Windows 10 21H2.
GPC-14867
Fixed an issue where the GlobalProtect app could not connect to the Prisma Access gateway when a FQDN was used instead of an IP address in the Proxy Auto-Configuration (PAC) file.
GPC-14763
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the device displayed a blue screen when users tried to connect to the GlobalProtect app.
GPC-14732
Fixed an issue where the GlobalProtect app got disconnected after HIP check.
GPC-14609
Fixed an issue where the HIP check did not detect the Sentinel One RTP and definition date properly, which caused the HIP check to fail.
GPC-14578
Fixed an issue where, after connecting to GlobalProtect using Connect Before Logon (CBL) with SAML authentication, the GlobalProtect app kept opening and closing after the user logged in.
GPC-14572
Fixed an issue where GlobalProtect app users were prompted to re-enter the password when the connection was refreshed.This issue occurred only when the password contained non-English characters.
GPC-14278
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP report displayed encryption status even when the encryption feature was disabled.
GPC-14148
Fixed an issue where the Azure IDP page was not displayed properly when Connect Before Logon was used.
GPC-13939
Fixed an issue where multiple spelling and translation errors were observed in the GlobalProtect app for French localization.
GPC-13725
Fixed an issue where, during a transparent upgrade of the GlobalProtect app, if the system rebooted or woke up from hibernation, the upgrade failed due to competing resources between the system reboot and transparent upgrade. The previous version of the GlobalProtect app was completely uninstalled.

GlobalProtect App 5.2.12 Addressed Issues (iOS only)

There were no addressed issues in GlobalProtect app 5.2.12 for iOS.

GlobalProtect App 5.2.11 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.11 for macOS, Windows, and Android
Issue ID
Description
GPC-14892
Fixed an issue where the users were unable to connect applications such as TESSY to a local database when GlobalProtect was connected.
GPC-14824
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect app tried to restore the gateway connection even when the device was on Modern Standby mode. The users were prompted to authenticate using multi-factor authentication (MFA) authentication.
GPC-14792
Fixed an issue where, when Connect Before Logon using Security Assertion Markup Language (SAML) authentication was used to login to the endpoint, the users could not authenticate as the authentication process stopped when redirected to the organization’s sign-in page.
GPC-14716
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the Autonomous Digital Experience Management (ADEM) was not enabled in the app, the agent took more time than expected to establish a connection.
GPC-14691
Fixed an issue where the GlobalProtect IPV6 static route for the gateway was getting removed shortly after establishing the connection causing unexpected GlobalProtect disconnections.
GPC-14686
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect credentials that were saved earlier were lost when the user faced network connectivity issues and the users had to re-enter the credentials.
GPC-14672
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and No direct access to local network option was enabled with access routes excluded from the GlobalProtect VPN tunnel, the excluded traffic was not sent through the physical adapter on the endpoint. Following this, the users were unable to access the local physical network devices such as printers.
GPC-14671
Fixed an issue where the GlobalProtect agent (PanGPA) stopped running when Client Certificate authentication along with SAML authentication method was used to authenticate users. This issue resulted in GlobalProtect connection failures.
GPC-14659
Fixed an issue where, when the user entered their credentials in the Connect Before Logon SAML authentication page, a blank screen was displayed instead of prompting the users to authenticate using a Two-Factor Authentication (2FA) authentication method as expected.
GPC-14651
Fixed an issue where the GlobalProtect HIP check did not detect patch management properly, which caused the device to fail the HIP check.
GPC-14650
Fixed an issue where, when pre-logon was configured for the GlobalProtect app, the users were still prompted to authenticate using multi-factor authentication (MFA) during the GlobalProtect gateway pre-logon stage.
GPC-14649
Fixed an issue where, when the GlobalProtect app was installed on devices running on macOS High Sierra and split tunnel was configured to exclude application traffic such as Microsoft Teams and Zoom, some excluded traffic was still being forwarded through the tunnel.
GPC-14640
Fixed an issue where, when the GlobalProtect app was deployed for pre-logon, the GlobalProtect Enforcer remained enabled even after the app was disabled.
GPC-14616
Fixed an issue where the GlobalProtect HIP check did not detect HCL BigFix version 10.0.3, which caused the device to fail the HIP check.
GPC-14611
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for Windows Defender and McAfee Anti-Malware Detection, which caused the device to fail the HIP check.
GPC-14610
Fixed an issue where the GlobalProtect HIP check did not detect HCL BigFix version 10.0.3, which caused the device to fail the HIP check.
GPC-14600
Fixed an issue where the GlobalProtect app did not detect real-time protection and the correct definition date and definition version for Microsoft Defender Advanced Threat Protection (ATP), which caused the device to fail the HIP check.
GPC-14583
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app failed to reconnect and continued to stay in the connecting state even after restarting the device.
GPC-14577
Fixed an issue where, when the GlobalProtect app was configured to use the end user’s default system browser for SAML authentication, the app displayed the following warning message while enrolling with PingID.
Assignment to read-only properties is not allowed in strict mode.
GPC-14567
Fixed an issue where, when Connect Before Logon using Security Assertion Markup Language (SAML) authentication was used to log in to the endpoint, users were unable to complete the authentication process as the SAML login page got stuck after they entered their credentials.
GPC-14545
Fixed an issue where the GlobalProtect HIP check did not detect HCL BigFix version, which caused the device to fail the HIP check.
GPC-14528
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
GPC-14522
Fixed an issue where, when the GlobalProtect was configured with split tunnel to include traffic based on the destination domain by overriding the DNS server manually, the DNS queries were still being sent to the DHCP configured server.
GPC-14492
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude or include any application traffic that relied on the loopback connection source IP address, the split tunnel configuration based on the application did not work.
GPC-14488
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, a pop-up message Connected - You are securely connected to the corporate network was displayed and the message continued to stay on the screen even though the users tried to close it.
GPC-14469
Fixed an issue where, when the GlobalProtect app was installed on Windows devices with No direct access to local network option enabled on the gateway and split tunnel feature configured to exclude specific access routes, traffic for those access routes continued to go through the VPN tunnel.
GPC-14453
Fixed an issue where the TCP Option lookup for IP fragmented TCP packets caused the endpoint to lose access to internal resources.
GPC-14439
Fixed an issue where, when split tunnel was configured on the GlobalProtect app to exclude destination domain traffic that included a slash character (/) for sub-page domain names, the slash character (/) was not displayed in the sub-page domain names in the exception list.
GPC-14430
Fixed an issue where the GlobalProtect HIP check did not detect the Trend Micro Apex One Endpoint Security, which caused the device to fail the HIP check.
GPC-14405
Fixed an issue where, when the IPv6 Sinkhole feature was enabled to block the GlobalProtect app from accessing the local network devices using IPv6 address, the GlobalProtect gateway still allowed the GlobalProtect app to send IPV6 traffic to local network devices instead of blocking them.
GPC-14400
Fixed an issue where GlobalProtect HIP check incorrectly detected the encryption stage for Trend Micro Full Disk Encryption as ‘Unknown’.
GPC-14181
Fixed an issue where, when the GlobalProtect portal was set to authenticate users through Security Assertion Markup Language (SAML) authentication, the users were prompted to re-enter their credentials whenever they tried to connect to the GlobalProtect app even when the Authentication override cookie was enabled.
GPC-14125
Fixed an issue where, when the GlobalProtect service (PanGPS) stopped running unexpectedly causing IP address-to-username mapping issues on the firewall. Users were unable to create user-based access policies due to the issue.
GPC-14105
Fixed an issue where the GlobalProtect HIP check did not detect the real-time protection for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
GPC-14100
Fixed an issue where, when split tunnel was configured on the GlobalProtect gateway to include routes, the traffic which was not included was also sent over the VPN tunnel intermittently.
GPC-13970
Fixed an issue where DNS queries for excluded domains were sent out on both the GlobalProtect app virtual adapter and the device's physical adapter with the Split-Tunnel Option set to Both Network Traffic and DNS in the App Configurations area of the GlobalProtect portal configuration.
GPC-13878
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the correct definition version and definition date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13774
Fixed an issue where the GlobalProtect tunnel could not send traffic after the system woke up from sleep mode.
GPC-13561
Fixed an issue where the hamburger menu icon on the GlobalProtect app was not highlighted when the users selected the menu using the tab key on the keyboard. Users were unable to identify the difference whether they were using the menu or not since the highlight was not visible to them due to the issue.
GPC-12777
Fixed an issue where, when a device connected to GlobalProtect would establish an Remote Desktop Protocol (RDP) connection to another device connected to GlobalProtect, the RDP connection would time out and disconnect.

GlobalProtect App 5.2.10 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.10 for macOS, Windows, and Android.
Issue ID
Description
GPC-14251
Fixed an issue where the GlobalProtect HIP report displayed incorrect OS version Windows 10 instead of the correct version Windows 11.
GPC-14505
Fixed an issue where GlobalProtect users were prompted to install the Rosetta 2 compatibility package along with the GlobalProtect app on ARM64-based MacBook devices running macOS M1. The system prompted for Rosetta 2 installation despite the GlobalProtect app having native support for the M1 processor (ARM64, Apple silicon).
GPC-14276
Fixed an issue where the Check for Updates option in the GlobalProtect app failed to display the recent GlobalProtect version updates. The users had to refresh the GlobalProtect connection to get the latest version updates.
GPC-14181
Fixed an issue where, when the GlobalProtect portal was set to authenticate users through Security Assertion Markup Language (SAML) authentication, the users were prompted to re-enter their credentials whenever they tried to connect to the GlobalProtect app even when Authentication override cookie was enabled.
GPC-10200
Fixed an issue where, when the GlobalProtect app was installed on Android devices, the app failed to reconnect and continued to stay in the connecting state. Users had to close and launch the GlobalProtect app again to establish the connection.

GlobalProtect App 5.2.9 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.9 for iOS, macOS, and Windows.
Issue ID
Description
GPC-14423
Fixed an issue where the GlobalProtect HIP check did not detect the correct status for Sophos Endpoint Protection, which caused the device to fail the HIP check.
GPC-14421
Fixed an issue where the GlobalProtect app continued to stay in the connecting state when users tried to log in to the gateway by entering their usernames without providing a password. Users were not prompted to re-enter credentials on authentication failure.
GPC-14389
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Bitdefender Endpoint Security for macOS, which caused the device to fail the HIP check.
GPC-14388
Fixed an issue where the GlobalProtect HIP check did not correctly detect the Anti-Malware information for McAfee Endpoint Security on devices running macOS, which caused the devices to fail the HIP check.
GPC-14329
Fixed an issue where macOS devices were able to bypass the GlobalProtect tunnel using the physical adapter even when No direct access to local network was enabled.
GPC-14289
Fixed an issue where the Apple MacBook Pro failed to reconnect to the GlobalProtect app after hibernation.
GPC-14282
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Patch Management software for the Jamf Pro application, which caused the device to fail the HIP check.
GPC-14234
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app could not send the Kerberos SSO support properly during the pre-login stage.This issue resulted in two authentication prompts when devices were connected to a corporate network.
GPC-14223
Fixed an issue where the GlobalProtect app failed to fetch the configuration from the portal during the automatic configuration refresh.
GPC-14118
Fixed an issue where when SAML was used with the default browser for authentication, GlobalProtect could not establish a tunnel to the gateway with a cached portal configuration.
GPC-14104
Fixed an issue where DNS queries for excluded domains were sent out on both the GlobalProtect app virtual adapter and the device’s physical adapter with the Split-Tunnel Option set to Both Network Traffic and DNS in the App Configurations area of the GlobalProtect portal configuration.
GPC-14099
Fixed an issue where the GlobalProtect app for macOS allowed users to enter extra spaces after the portal IP address or FQDN, causing the connection to fail.
GPC-14089
Fixed an issue where the GlobalProtect app did not launch the SAML login page correctly to complete the authentication sequence.
GPC-14070
Fixed an issue where the GlobalProtect app did not detect real-time protection and the correct definition date for Microsoft Defender Advanced Threat Protection (ATP), causing the HIP check to fail.
GPC-14013
Fixed an issue where the GlobalProtect app displayed the wrong version when fetched from Workspace One.
GPC-14000
Fixed an issue where, when the GlobalProtect HIP check did not detect the Anti-Malware information for Malware Definition Date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13978
Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version and Malware Definition Date for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-19977
Fixed an issue where the GlobalProtect user was unable to sign in to the portal by pressing the ‘Enter’ key after entering the credentials on the GlobalProtect embedded browser.
GPC-13963
Fixed an issue where the DNS UDP checksum was incorrectly calculated, causing latency in the GlobalProtect connection.
GPC-13939
Fixed an issue where multiple spelling and translation errors were observed in the GlobalProtect app for French localization.
GPC-13938
Fixed an issue where the GlobalProtect HIP check did not detect the correct details for Symantec Endpoint Protection on Windows endpoints, which caused the device to fail the HIP check.
GPC-13870
Fixed an issue where, when the GlobalProtect app was installed on ARM-based MacBook devices running macOS M1, the GlobalProtect app was unable to detect HIP information for Anti-Malware, Disk Backup, Disk Encryption, Firewall, and Patch Management.
GPC-13857
Fixed an issue where, if GlobalProtect was configured for domain-based split tunneling and the domain name resolved to the loopback address (127.0.0.1), the GlobalProtect app would disconnect on devices running macOS 11.5 or later.
GPC-13855
Fixed an issue where the GlobalProtect app for macOS was unable to detect Jamf version 10.31.0 in the HIP check, causing the endpoints to fail the HIP check.
GPC-13834
Fixed an issue where the GlobalProtect app did not start right away after a computer reboot.
GPC-13805
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect HIP report displayed encryption status as unencrypted even when encryption was complete.
GPC-13802
Fixed an issue that caused the GlobalProtect app to restart when using the MacBook keyboard to navigate through the GlobalProtect GUI.
GPC-13794
Fixed an issue where the GlobalProtect login screen displayed an incorrect Spanish translation.
GPC-13737
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the firewall state of McAfee Endpoint Security v10.7.0.1961.
GPC-13735
Fixed an issue where the GlobalProtect users on macOS 11 Big Sur were unable to use the Spotify application properly, when application-based split tunneling was configured on the gateway and Spotify was excluded from the VPN tunnel.
GPC-13705
Fixed an issue where the GlobalProtect HIP check did not correctly detect the McAfee DLP information on Windows 10 devices, which caused the devices to fail the HIP check.
GPC-13693
Fixed an issue where DNS resolution to internal host detection got delayed because of mDNS.
GPC-13674
Fixed an issue where GlobalProtect authentication failed when the SAML username contained special characters.
GPC-13668
Fixed an issue where the GlobalProtect HIP check did not detect the correct details for Cortex XDR, which caused the device to fail the HIP check.
GPC-13632
Fixed an issue where the GlobalProtect HIP check did not detect the details for Forcepoint Data Loss Prevention (DLP) and FireEye Advanced Malware, which caused the device to fail the HIP check.
GPC-13570
Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Sentinel Agent, which caused the device to fail the HIP check.
GPC-13569
Fixed an issue where the GlobalProtect HIP report displayed erroneous warning messages, such as whole disk encryption failed, after an upgrade.
GPC-13551
Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13420
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app consumed a large amount of storage space under Documents & Data.
GPC-13385
Fixed an issue where the GlobalProtect app took a long time to connect when the internal host detection DNS query failed.
GPC-13364
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect information for Signature Version and Last Updated for the Carbon Black Cloud application, which caused the device to fail the HIP check.
GPC-13346
Fixed an issue where the GlobalProtect app GUI would disappear to the system tray or menu bar during authentication prompts thereby preventing the users from entering their credentials.
GPC-13195
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish a connection for the second user using Security Assertion Markup Language (SAML) authentication when cookie authentication was configured on the portal.
GPC-13093
Fixed an issue where the upgrade to a newer version of GlobalProtect app failed if the Allow User to Uninstall GlobalProtect App (Windows Only) was set to Disallow or Allow with Password.
GPC-13008
Fixed an issue where, when the GlobalProtect app was installed on iOS devices and configured in Always-On mode, the app was unable to send the HIP report to the firewall after the device was turned off and turned on in locked mode. When the device was turned on in locked mode, users connected to the app in Always-On mode but GlobalProtect failed to send the HIP report to the firewall.
GPC-12777
Fixed an issue where the remote desktop connection via GlobalProtect tunnel got disconnected at times.

GlobalProtect App 5.2.8 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.8 for Windows, macOS, and Windows 10 UWP.
Issue ID
Description
GPC-13701
Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13683
Fixed an issue where, when the GlobalProtect app was installed on Windows (32-bit) devices and the portal was set up to authenticate end users through the default system browser for Security Assertion Markup Language (SAML) authentication, the default system browser for SAML authentication did not work as expected.
GPC-13680
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
GPC-13655
Fixed an issue where, where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version and Malware Definition Date for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-13641
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the status of Disk Encryption and the presence of Bitlocker Drive Encryption after upgrading to GlobalProtect app 5.2.6, which caused the device to fail the HIP check.
GPC-13640
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and configured with On-Demand mode, a new portal authentication including a RADIUS challenge caused the app to hang in Connecting state.
GPC-13637
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the status of Disk Encryption and the presence of Bitlocker Drive Encryption, which caused the device to fail the HIP check.
GPC-13622
Fixed an issue where, when the GlobalProtect app was enabled for FIPS-CC mode, the app failed to connect to the portal because the app attempted to perform an OCSP check for the root CA certificate.
GPC-13583
Fixed an issue where, where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version, Malware Definition Date, and Last Full Scan Time for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-13558
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the General tab of the GlobalProtect Settings panel displayed a spelling error when the system language was French.
GPC-13555
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app used the tunnel assigned IPv6 address as the source address for the physical interface for the excluded IPv6 traffic. This issue occurred when the physical adapter did not have any IPv6 addresses.
GPC-13551
Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13547
Fixed an issue where, when the GlobalProtect app was deployed for Pre-logon then On-demand, the pre-logon tunnel took 2-3 minutes to connect to GlobalProtect when switching from disconnecting to connecting states. With this fix, the pre-logon tunnel was able to connect to GlobalProtect without changing connection states.
GPC-13511
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP process (PanGpHip) completely stopped running after the GlobalProtect service (PanGPS) crashed.
GPC-13481
Fixed an issue where, where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Date and the software version for the 360 security guard and 360 Antivirus, which caused the device to fail the HIP check.
GPC-13479
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13466
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
GPC-13464
Fixed an issue where, when the GlobalProtect app was installed on non-English Windows devices, the GlobalProtect HIP check did not detect real-time protection for Cisco Advanced Malware Protection for Endpoints, which caused the device to fail the HIP check.
GPC-13432
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and another application with system extensions were installed, issues with web-browsing and network activity were observed.
GPC-13417
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the correct definition date for Kaspersky Endpoint Security, which caused the device to fail the HIP check.
GPC-13395
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and deployed for Pre-logon then On-demand with user initiated Pre-logon enabled, Start GlobalProtect Connection was displayed at the Windows login page when the system was locked. This option should be displayed only during a system restart or when users logged out from the device.
GPC-13389
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the user was unable to save the gateway as the Preferred Gateway because this setting was removed from the Windows registry after a system reboot.
GPC-13384
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the embedded browser (WKWebView) did not send the client certificate to the SAML identity provider configured with mutual TLS authentication.
GPC-13354
Fixed an issue where, where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version and the Malware Definition Date for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-13276
Fixed an issue where when the GlobalProtect app was installed on ARM-based and Intel-based MacBooks, the app continued to stay in connecting state after the device woke up from sleep mode.
GPC-13208
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel (optimized split tunneling) was configured to exclude any application traffic that relied on the loopback connection source IP address to be 127.0.0.1, the excluded application did not work as expected.
GPC-13158
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the blue screen was displayed on the device after users logged in and connected to the app.
GPC-13036
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and exclusions for destination domain traffic were not enforced, the app did not open the browser for SAML authentication that was blocked by the GlobalProtect enforcer.
GPC-12699
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was not disconnected from the tunnel when a user removed a smart card even when Retain Connection on Smart Card Removal was set to No in the GlobalProtect portal configuration.

GlobalProtect App 5.2.8 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.8 for iOS.
Issue ID
Description
GPC-12982
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish the connection on an IPv6 LTE network.
GPC-12847
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, users were prompted multiple times to enter their user credentials.
GPC-12005
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed a connection failed error message and the device was reconnecting by itself to GlobalProtect.

GlobalProtect App 5.2.7 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.7 for Windows, macOS, and Android.
Issue ID
Description
GPC-13501
Fixed an issue where, when the GlobalProtect app was deployed on managed Android devices through a mobile device management (MDM) system such as Microsoft Intune, the app was unable to automatically fetch a certificate after upgrading from GlobalProtect app 5.2.5 to GlobalProtect app 5.2.6.
GPC-13479
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13453
Fixed an issue where after a Fresh Install of GlobalProtect app 5.2.6 and using the embedded browser for Security Assertion Markup Language (SAML) authentication, authentication failed due to a script error when end users attempted to access the identity provider (IdP) web page. With this fix, after you installed GlobalProtect app 5.2.7, end users can access the idP web page using the embedded browser for SAML authentication without any script errors and connect to GlobalProtect.
GPC-13452
Fixed an issue where after upgrading to GlobalProtect 5.2.6, the GlobalProtect client on the end user’s endpoint did not connect to the Best Available gateway.
GPC-13446
Fixed an issue in GlobalProtect app for Android devices where the documented syntax of app_list key for Per-App VPN was not in sync with the App.
GPC-13367
Fixed a performance issue where the GlobalProtect HIP process (PanGpHip) caused high CPU usage on devices.
GPC-13366
Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices, the GlobalProtect HIP check did not detect the correct definition version, definition date, and year for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-13364
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect information for Signature Version and Last Updated for the Carbon Black Cloud application, which caused the device to fail the HIP check.
GPC-13303
Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Version and Malware Definition Date for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
GPC-13275
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur, the GlobalProtect HIP check did not detect the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
GPC-13254
Fixed an issue where the GlobalProtect HIP check did not detect did not detect real-time protection for Traps version 4.2.3.41131, which caused the device to fail the HIP check.
GPC-13206
Fixed an issue where the GlobalProtect app was configured to exclude application traffic such as Cisco Webex for split tunnel, excluded traffic was still forwarded through the tunnel. This issue occurred when the Pre-logon Tunnel Rename Timeout value was set to -1 in the GlobalProtect portal configuration.
GPC-13203
Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices and if the Exceptions to Enforce GlobalProtect list was configured with a subnet, existing connections to those hosts were not allowed even when the Enforcer status was enabled.
GPC-13188
Fixed an issue where, when the GlobalProtect tunnel was established on macOS devices, the default route was installed before the excluded routes and then excluded traffic leaked into the tunnel periodically.
GPC-13186
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the correct ESET Endpoint Antivirus definition version.
GPC-13164
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and when the tunnel disconnected and reestablished immediately, the split tunnel configuration based on the application was not adhered.
GPC-13155
Fixed an issue where the GlobalProtect app received a notification when the connection falls back from IPSec to SSL even after setting Display IPSec to SSL Fallback Notification to No to disable the app from displaying the notification.
GPC-13151
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, end users were unable to access the internal domains when split tunnel based on the destination domain was configured with port 53.
GPC-13150
Fixed an issue where the GlobalProtect HIP check did not detect the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-13138
Fixed an issue where, after upgrading to GlobalProtect 5.2.6, the GlobalProtect HIP report was not complete, which caused the GlobalProtect client host device to fail the HIP check.
GPC-13120
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina, the Configurable Maximum Transmission Unit for GlobalProtect Connections feature did not support fallback to kernel extension mode.
GPC-13105
Fixed an issue where the GlobalProtect client version was transparently upgraded even when Allow User to Upgrade GlobalProtect was changed to Disallow from Allow Transparently.
GPC-13089
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the Choose An Identity pop-up prompted end users to Select a valid client certificate to connect to GlobalProtect even when the certificate-store-lookup value was set to machine on the GlobalProtect portal.
GPC-13084
Fixed an issue where, when the GlobalProtect app was installed macOS devices, did not detect the correct state for the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
GPC-13064
Fixed an issue where the PanGPA.log file displayed the user credentials in (clear-text) data when the SAML identity provider such as Enforce Enboard was used for portal and gateway authentication.
GPC-13061
Fixed an issue where the GlobalProtect service restarted multiple times when DLSA was configured in a dual stack environment.
GPC-13057
Fixed an issue where the Server Name Indication (SNI) was not set in the requests used for the HIP reports and client logout messages.
GPC-13051
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app displayed that the end user was connected to the corporate network even when their device was not connected to Internal Network.
GPC-13045
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the HIP check process was delayed and the tunnel was disconnected after 3 hours.
GPC-13032
Fixed an issue where the GlobalProtect HIP check was unable to detect the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software application.
GPC-13031
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the gateway did not generate the HIP report within a reasonable time period after upgrading to GlobalProtect app 5.2.5-c84.
GPC-12996
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app failed to connect to the GlobalProtect gateway using a cached configuration if the GlobalProtect portal was unreachable using client certificate authentication.
GPC-12995
Fixed an issue where the GlobalProtect app displayed the following HIP notification even when Forcepoint Data Loss Prevention (DLP) was installed: Forcepoint DLP agent is not installed into your system.
GPC-12993
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and the default browser was used for SAML authentication, the app opened the default browser for SAML authentication twice.
GPC-12971
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and configured in a full tunnel deployment, the GlobalProtect virtual adapter was activated with the default gateway set to 0.0.0.0. Starting with GlobalProtect app 5.2.7, you can set a valid default gateway on the adapter using one of the following methods:
  • Open the Windows Registry (enter regedit on the command prompt) and go to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings
    Right-click the Settings folder, then select NewString Value and enter fake-default-gateway string value. In the Value data field, enter yes.
  • Use the Windows Installer (Msiexec) to add the FIXDEFAULTGATEWAY=”yes” Msiexec parameter during the installation.
GPC-12970
Fixed an issue where the GlobalProtect client was unable to establish a connection when the proxy domain name had the “HTTP” keyword.
GPC-12950
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and by changing the registry settings, the end user was able to connect to a different portal even when Allow User to Change Portal Address was set to No in the GlobalProtect portal configuration.
GPC-12916
Fixed an issue where the GlobalProtect HIP check excluded the Anti-Malware information for FireEye but some data was still collected from the FireEye agent and actions were performed on the data in PanGPHip.exe.
GPC-12903
Fixed an issue where, when the GlobalProtect app was installed on Windows devices while third-party software was running, the filter driver failed to load.
GPC-12900
Fixed an issue where the routing flags for the Address Resolution Protocol (ARP) route were not reverted once GlobalProtect was disconnected. This issue caused the third-party VPN connections to fail.
GPC-12781
Fixed an issue where, when the GlobalProtect app was deployed for pre-logon and if a pre-logon tunnel was not established, the subsequent gateway login using RADIUS two-factor authentication (2FA) failed.
GPC-12701
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app did not use the system proxy server to connect to the SAML identity provider.
GPC-12682
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Catalina, end users experienced issues when connecting to Zoom on the internal network.
GPC-12540
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the HIP Report was significantly delayed while checking information for the Windows Defender.
GPC-12527
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the Carbon Black Response application.
GPC-12386
Fixed an issue where after a GlobalProtect connection was established, the network interface was detected as public instead of domain due to timer issue with Network Location Awareness (NLA).
GPC-11489
Fixed an issue where the GlobalProtect HIP check did not detect Patch Management information for the Microsoft Intune management extension software.

GlobalProtect App 5.2.7 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.7 for iOS.
Issue ID
Description
GPC-12585
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish a connection when the root CA certificate was configured in the portal configuration and also installed on the device.

GlobalProtect App 5.2.6 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.6 for Windows, macOS, Android, and Linux. Most of these addressed issues were in GlobalProtect app 5.2.5-c84 for Windows and macOS, which was a hotfix release.
Issue ID
Description
GPC-12956
Fixed an issue where, when the GlobalProtect app was installed on Android devices, users had to always manually select a certificate even when the certificate was pre-selected from AirWatch.
GPC-12914
When the GlobalProtect app installed on Windows and macOS devices are connected to gateways on PAN-OS 8.0 or earlier releases, the HIP report generated by GlobalProtect will no longer be sent to the gateway. When using GlobalProtect app 5.2.6 with gateways enabled on PAN-OS 8.0 or earlier releases, you should disable Collect HIP Data.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12899
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and when Save User Credentials was set to No, the username field was already populated with the username for the machine certificate when gateway authentication did not use certificate-based authentication.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12875
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur, unusual DNS server entries were found after the system woke up.
GPC-12866
Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices, users experienced multiple transparent software upgrade issues on the device.
GPC-12859
Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices, the PanGPS.log file flushed out quickly.
GPC-12854
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur and split tunnel was configured to exclude application traffic such as Zoom, some excluded traffic were still forwarded through the tunnel.
GPC-12853
Fixed an issue where the GlobalProtect app did not perform network discovery and reconnect to the internal network when the primary IP address was changed.
GPC-12841
Fixed an issue where, when the GlobalProtect app was installed on the end user’s device and System Center Configuration Manager (SCCM) was used to set the PORTAL and CANCHANGEPORTAL values to no from the Windows Installer (Msiexec), the end user was unable to connect to the app when logging in for the first time.
GPC-12832
Fixed an issue where the GlobalProtect pre-logon tunnel was unnecessarily disconnected when switching from pre-logon mode to user-logon mode.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12822
Fixed an issue where, the GlobalProtect HIP check did not detect the correct Disk Encryption for the Bitlocker Drive Encryption, which caused the device to fail the HIP check.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12819
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check took longer than expected to collect the HIP information for the Sentinel Agent anti-malware software leading up to an inaccurate HIP report.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12818
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Elastic Security Endgame Sensor 3.x Anti-Malware application, which caused the device to fail the HIP check.
GPC-12814
Fixed an issue where the GlobalProtect app displayed a script error instead of the GlobalProtect embedded browser Security Assertion Markup Language (SAML) login page when users tried to connect to the app through SAML authentication when Okta was used as the identity provider (ldP). This issue occurred after upgrading from GlobalProtect app 5.2.3 to GlobalProtect app 5.2.5.
GPC-12807
Fixed an issue where the GlobalProtect app was unable to establish a connection and the GlobalProtect service continuously restarted with an inactive message that was displayed on the GlobalProtect agent after a system reboot.
GPC-12797
Fixed an issue where, when the GlobalProtect app was installed on Android endpoints and users connect in user-logon mode, the VPN connection failed when users switched from an external network to an internal network.
GPC-12793
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and after the device was rebooted, the app attempted to connect but failed. As a result, users had to disconnect and then reconnect to the app.
GPC-12792
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Microsoft Defender ATP software, which caused the device to fail the HIP check.
GPC-12791
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the correct date and year for the Microsoft Defender ATP software, which caused the device to fail the HIP check.
GPC-12782
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was unable to translate the CA certificate that contained unicode characters for certificate authentication, and as a result, client certificate authentication failed.
GPC-12780
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.16 application, which caused the device to fail the HIP check.
GPC-12770
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the GlobalProtect HIP check did not detect the correct date and year for the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
GPC-12751
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the GlobalProtect HIP process (PanGpHip) crashed multiple times and the gateway was disconnected.
GPC-12748
Fixed an issue where the GlobalProtect authentication failed when the new password contained the (+) character.
GPC-12732
Fixed an issue where the GlobalProtect app displayed a script error instead of the GlobalProtect embedded browser Security Assertion Markup Language (SAML) login page when users tried to connect to the app through SAML authentication when Okta was used as the identity provider (ldP).
GPC-12731
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and Save User Credentials was enabled, users were prompted for credentials for every alternate gateway authentication when SAML was used as the portal authentication.
GPC-12728
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the Morphisec Protector software, which caused the device to fail the HIP check.
GPC-12720
Fixed an issue where, when the GlobalProtect app was installed on iOS devices and the portal was down or unreachable, the app displayed an error message when the app used the cached portal client configuration.
GPC-12716
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and after upgrading from GlobalProtect app 5.2.4 to GlobalProtect 5.2.5, the app attempted to reconnect when the connect method was set to On-Demand mode.
GPC-12714
Fixed an issue where, when the GlobalProtect app was installed on Windows, the app did not identify the firewall settings for Kaspersky Endpoint Security.
GPC-12689
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
GPC-12630
Fixed an issue where users established a GlobalProtect connection to Prisma Access but failed to connect to a manually selected Prisma Access gateway.
GPC-12607
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and Resolve All FQDNs Using DNS Servers Assigned by the Tunnel was set to Yes, DNS resolution failed in a dual stack environment.
GPC-12603
Fixed an issue where users established a GlobalProtect connection to Prisma Access but failed to connect to a manually selected Prisma Access gateway when upgrading to GlobalProtect app 5.2.5.
GPC-12601
Fixed an issue where information about the manual gateway was included in the portal message in the PanGPA.log file.
GPC-12596
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Real-Time Protection status for the ESET Endpoint Antivirus, which caused the device to fail the HIP check.
GPC-12570
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured based on the destination domain, IPv6 traffic was forwarded through the tunnel.
GPC-12569
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the pre-logon tunnel was not renamed after users logged in to the device through SAML authentication.
GPC-12568
Fixed an issue where the GlobalProtect app displayed the following notification when Connect with SSL Only was enabled by you or the end user:
The network connection is unreliable and GlobalProtect reconnected using an alternate method. You may experience slowness when accessing the internet or business applications.
With this fix, this notification will display only when GlobalProtect falls back to using SSL after attempting IPSec. If you specified the amount of time (in hours) during which you want the GlobalProtect app to Automatically Use SSL When IPSec Is Unreliable for example 5 hours, the app will not display this notification during the specified time period because it will not attempt to establish an IPSec tunnel and instead establish an SSL tunnel.
GPC-12567
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the pre-logon tunnel was not renamed after users logged in to the device through SAML authentication.
GPC-12565
Fixed an issue where the GlobalProtect app did not display the proper authentication message for the login screen when the RSA token was not synchronized. This issue occurred when GlobalProtect was used with seamless RSA authentication.
GPC-12562
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the DNS short name resolution was not queried with all the DNS suffixes present on the client machine.
GPC-12559
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app delayed establishing a connection to the gateway for 90 seconds because of the delay in setting up the IP address on the virtual adapter.
GPC-12558
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7, the GlobalProtect HIP check did not detect the Carbon Black Cloud application, which caused the device to fail the HIP check.
GPC-12543
Fixed an issue where GlobalProtect parsed the external gateways from the portal configuration and each gateway was resolved individually and thereby increased the time to finish DNS resolution for all the external gateways. With this fix, GlobalProtect will now resolve only the first external gateway at the beginning of network discovery, and then resolve all the external gateways (auto discovery) at the same time. This can help to reduce the time for DNS resolution.
GPC-12507
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the character size of the pre-login page was difficult to read on high-resolution. With this fix, users now have the option to Zoom In, Zoom Out, and Restore Default Zoom when they connect to the app through SAML authentication using Okta as the ldP.
GPC-12499
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect agent restarted when the system extensions were loaded.
GPC-12466
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running 10.14.6, the GlobalProtect HIP check did not detect the Anti-Malware information for the Carbon Black Endpoint Detection and Response application, which caused the device to fail the HIP check.
GPC-12465
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect correct the Last Full Scan Time information for the Symantec Endpoint Protection, which caused the device to fail the HIP check.
GPC-12447
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur and when the pre-logon tunnel was established to the internal gateway, the Enforcer status was enabled.
GPC-12442
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the app failed to connect to the portal or gateway after upgrading from GlobalProtect app 5.0.9 to GlobalProtect 5.2.4.
GPC-12440
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Disk Encryption information for the enumerated disks, which caused the device to fail the HIP check.
GPC-12385
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.16 application, which caused the device to fail the HIP check.
GPC-12377
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app did not display the GlobalProtect system tray icon after the explorer.exe application was restarted from the Task Manager.
GPC-12356
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect tunnel was disconnected after the device woke up from Modern Standby mode.
GPC-12352
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Real-Time Protection status for the ESET Endpoint Antivirus, which caused the device to fail the HIP check.
GPC-12293
Fixed an issue where, the GlobalProtect HIP check did not detect the correct Last Full Scan Time information for SenitnelOne Antivirus 4.4.2, which caused the device to fail the HIP check.
GPC-12278
Fixed an issue where, when the GlobalProtect app was configured for split tunnel based on the destination domain, the fully qualified domain names were case-sensitive when the number of inclusions and exclusions added to the list was more than eight entries.
GPC-12265
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the user interface of the GlobalProtect agent was unresponsive when users were prompted to enter their one-time password (OTP).
GPC-12252
Fixed an issue where users were not prompted for their login credentials after using Remote Desktop Protocol (RDP) to connect to the GlobalProtect app and they were disconnected after the grace period expired.
GPC-12248
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the web interface did not display the normal window size when seamless soft-token authentication was used on a high display resolution (3840 X 2160) system. This issue occurred when the auth-api value was set to yes in the Windows registry.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12235
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and after the GlobalProtect agent was installed as the SYSTEM user through SCCM or Microsoft Intune, the repair message pops-up for modern devices and failure or reconnection message pop-ups for normal devices.
GPC-12212
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude application traffic such as Microsoft Teams and Zoom, some excluded traffic was still forwarded through the tunnel.
GPC-12190
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect enforcer blocked SAML authentication after the endpoint woke up from sleep mode.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12041
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the correct Anti-Malware information for the Last Full Scan Time for Sophos Endpoint Protection, which caused the device to fail the HIP check.
GPC-11987
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude destination domain traffic that included a wildcard character (*) for domain names, excluded traffic is still forwarded through the tunnel.
GPC-11964
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the No direct access to local network option was enabled on the gateway, the default route was deleted for the interface to the local gateway when the IPv6 address was changed that caused GlobalProtect to disconnect.
GPC-11916
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed the The connection has failed error message when changing from WiFi to a LTE network.
GPC-11568
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, traffic was blocked for 25-45 seconds for some users while generating the HIP report.
GPC-11484
Fixed an issue where, when the GlobalProtect app was installed on Windows, macOS, and Linux devices, the HIP process collected information about all supported endpoint security software even when HIP Data Collection was configured on the portal to exclude categories, vendors, and products.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-11450
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur, client certificate authentication failed when using a common access card (CAC).
GPC-11367
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Cybereason.
This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-11311
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the output [1]+ Done $PANGPA start was displayed when users executed commands such as ls /etc/hostname or echo hi in the command prompt.
GPC-11281
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app automatically switched to the graphics processor on the user’s device during SAML authentication.
GPC-10650
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the transparent software upgrade failed for the GlobalProtect app.

GlobalProtect App 5.2.6 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.6 for iOS.
Issue ID
Description
GPC-11916
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed The connection has failed error message when changing from WiFi to a LTE network.

GlobalProtect App 5.2.5 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.5 for Android, Chrome, Windows, macOS, and Linux.
Issue ID
Description
GPC-12353
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the app was unable to establish a connection when the Netskope Client was installed on the system.
GPC-12266
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was disconnected from the tunnel and performed a network discovery after waking up from Modern Standby mode.
GPC-12264
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app failed to establish a connection when the SIP softphone client was installed on the system.
GPC-12243
Fixed an issue where, when the gateway was manually selected for the first time instead of the Best Available gateway, any subsequent connections to the Best Available gateway allowed end users to connect to the manually selected gateway rather than the Best Available gateway.
GPC-12203
Fixed an issue where the About GlobalProtect dialog did not display the copyright symbol when the system language was German.
GPC-12202
Fixed an issue where the Custom Password Expiration Message (LDAP Authentication Only) notification displayed grammatical errors when the system language was German.
GPC-12185
Fixed an issue where the GlobalProtect app detected two or more internal gateways and all the gateways required users to authenticate through SAML authentication, the app stopped all operations following SAML authentication with the first gateway.
GPC-12174
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS 10.15 or 11.0, the GlobalProtect HIP check did not detect the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-12173
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.11 application, which caused the device to fail the HIP check.
GPC-12154
Fixed an issue where the ADUC application and computer console experienced slowness after upgrading from GlobalProtect app 5.1.3 to 5.2.3.
GPC-12131
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.12 application, which caused the device to fail the HIP check.
GPC-12105
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and split tunnel was configured based on the application, some traffic did not follow the split tunnel configuration on applications such as Microsoft Teams.
GPC-12104
Fixed an issue where the GlobalProtect client on the end user’s endpoint did not connect to the Best Available gateway after the endpoint woke up from sleep mode. This issue occurred when SAML authentication was used and in the auto-scaled gateway scenario. With this fix, the GlobalProtect client can also connect to the Best Available gateway in the auto-scaled gateway scenario.
GPC-12097
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the clear text password was visible through a memory dump when using the system browser for SAML authentication.
GPC-12066
Fixed an issue where, when split tunnel was configured based on the destination domain and Both Network Traffic and DNS was selected, users experienced a delay when accessing the exclusions applied to the DNS traffic and the associated network application traffic for that domain.
GPC-12059
Fixed an issue where the default route for the tunnel was removed shortly after establishing the tunnel.
GPC-12050
Fixed an issue where the GlobalProtect HIP check did not correctly detect the Last Full Scan Time information for the Windows Defender on Windows endpoints, which caused the endpoints to fail the HIP check.
GPC-12044
Fixed an issue where, after the GlobalProtect app was upgraded to release 5.1.6, the GlobalProtect virtual adapter was unable to be setup properly when using laptop docking stations.
GPC-12043
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and used a smart card for client certificate authentication, the number of prompts used between the portals were different.
GPC-12031
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the whether the Firewall software was enabled, which caused the endpoints to fail the HIP check.
GPC-12015
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Sophos Endpoint Protection.
GPC-12004
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Cisco Advanced Malware Protection (AMP).
GPC-11995
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Sophos Endpoint Protection version 10.0.0.
GPC-11938
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the app was unable to automatically launch due to the Cannot connect to local GPD service error message.
GPC-11932
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software application.
GPC-11931
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect virtual interface adapter continued to stay enabled when connected to an internal network. Subsequently, the app failed to establish a tunnel connection with an external gateway on the external network due to the Failed to get default route entry error message, which caused the virtual adapter activation to fail.
GPC-11911
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the Custom Password Expiration Message (LDAP Authentication Only) notification is blank after you changed the message setting.
GPC-11876
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the command string for pre-vpn-connect or post-vpn-connect contained arguments with one or more whitespace characters, which caused the built-in GlobalProtect app upgrade to fail.
GPC-11875
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7, the GlobalProtect HIP check did not detect the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software application version 4.9.2, which caused the device to fail the HIP check.
GPC-11712
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Patch-Management software for the JAMF Pro software application, which caused the device to fail the HIP check.
GPC-11686
Fixed an issue where the HIP report did not contain the correct Last Full Scan Time information for the AVG Internet Security software.
GPC-11648
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Patch-Management software for the JAMF Pro software application, which caused the device to fail the HIP check.
GPC-11606
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Avast Antivirus software version 20.x. After upgrading from Antivirus software version 18.x, the GlobalProtect HIP check did detect the Avast Antivirus software version 20.x.
GPC-11460
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software.
GPC-11440
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect agent stopped running after the device initially connected to the portal or gateway.
GPC-11367
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Cybereason.

GlobalProtect App 5.2.5 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.5 for iOS.
Issue ID
Description
GPC-11888
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish the connection on a 4G LTE network when the gateway was resolved to IPv6 only.
GPC-11684
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, VPN tunnel restoration was not supported when the portal was configured in Always On mode.
GPC-11633
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed No available network even when the network was available.

GlobalProtect App 5.2.4 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.4 for Windows, macOS, Android, and Linux.
Issue ID
Description
GPC-12069
Fixed an issue where, when the GlobalProtect app was installed on Chromebooks, the selection criteria for the portal agent configuration failed when the OS configured in the Config Selection Criteria was specified as Chrome.
GPC-11989
Fixed an issue where SAML authentication was blocked because the GlobalProtect enforcer did not parse all the fully qualified domain names configured in the FQDN exclusions list.
GPC-11894
Fixed an issue where, when the GlobalProtect app was installed on Windows devices with the Resolve All FQDNs Using DNS Servers Assigned by the Tunnel (Windows Only) set to Yes and after the portal configuration refresh interval timer was reached, the DNS queries were sent to both interfaces.
GPC-11865
Fixed an issue where the GlobalProtect Update pop-up dialog displayed grammatical errors.
GPC-11868
Fixed a rare issue where the PanGPS log file was not rotated and it caused the PanGPS.log file to consume a large amount of disk space.
GPC-11819
Fixed an issue where the GlobalProtect app could not properly exclude multicast routes specified in the exclude list.
GPC-11805
Fixed an intermittent issue where, when split tunnel was configured based on the destination domain and application, users were not allowed access to specific fully qualified domain names after changing the network.
GPC-11804
Fixed an issue where, when the GlobalProtect app was installed on Windows and macOS devices with the Split-Tunnel Option enabled for both network traffic and DNS, the DNS queries were sent to both interfaces.
GPC-11797
Fixed an issue where, when the GlobalProtect app was installed on macOS Big Sur devices and split tunnel was configured based on the application, the app was unable to connect to applications such as Zoom.
GPC-11792
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 or later, the app did not accept character input when using the on-screen Accessibility Keyboard required for remote learning.
GPC-11784
Fixed an issue where the GlobalProtect app was configured with Pre-logon then On-demand mode and if the network was changed or the network connection was lost during pre-logon tunnel mode, the pre-logon tunnel was not able to reconnect to the app after the machine was connected to the network.
GPC-11781
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was disconnected from the tunnel after the Pre-logon Tunnel Rename Timeout expired even when users successfully authenticated to the gateway through either SAML authentication or RADIUS for two-factor authentication.
GPC-11777
Fixed an issue where the GlobalProtect app will not perform network discovery due to a network change event when the app was connected to the internal gateway without a tunnel connection.
GPC-11749
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, DNS resolution failed when the app was connected on Ubuntu 20.04.
GPC-11726
Fixed an issue where the GlobalProtect client continued to stay in connecting state even when SAML authentication was configured to establish a connection to the portal or gateway.
GPC-11723
Fixed an issue where, after you installed the GlobalProtect app on macOS devices using the client upgrade prompt, a kernel panic occurred on the macOS device.
GPC-11707
Fixed an issue where the GlobalProtect app continued to stay in connecting state after failing to meet the Config Selection Criteria configured on the portal following a successful SAML authentication.
GPC-11638
Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices and network connectivity was enabled in Modern Standby, the tunnel failed to be restored after waking up from sleep mode.
GPC-11587
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and Duo Security multi-factor authentication (MFA) was used to authenticate users through SAML authentication on the identity provider (ldP), the app did open an embedded browser using Connect Before Logon but the content incorrectly displayed.
GPC-10200
Fixed an issue where, when the GlobalProtect app was installed on Android devices, the app failed to reconnect and continued to stay in connecting state. Users had to close and launch the app to establish the connection.

GlobalProtect App 5.2.4 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.4 for iOS.
Issue ID
Description
GPC-11669
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app continued to stay in connecting state after changing the network type and failed to automatically reconnect.

GlobalProtect App 5.2.3 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.3 for Windows, macOS, Linux, and Android.
Issue ID
Description
GPC-11706
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect tunnel could not send traffic after the system woke up from sleep mode.
GPC-11694
Fixed an issue where the GlobalProtect tunnel was disconnected when the server sent packets greater than 1524.
GPC-11683
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect virtual interface was locally unreachable.
GPC-11660
Fixed an issue on the GlobalProtect agent when the response from the gateway pre-login included the error status and an empty message, but the GlobalProtect client was not expected to receive the response from the pre-login with the error status and an empty message. With this fix, the GlobalProtect client is configured to handle the error status and the empty message response from the gateway pre-login when the minimum version is set to TLSv1.2 in the SSL/TLS service profile.
GPC-11659
Fixed an issue where, when the GlobalProtect app was installed on Android devices, the gateway was randomly disconnected and users cannot reconnect until they force stop or force start the app.
GPC-11656
Fixed an issue where, after you upgraded the GlobalProtect app to release 5.2.1 or release 5.2.2 on macOS devices using the client upgrade prompt, a kernel panic occurred on the macOS device.
GPC-11644
Fixed an issue where the HIP report did not contain the correct Last Full Scan Time information for the AVG Internet Security software.
GPC-11643
Fixed an issue where, when the GlobalProtect app was installed on Android devices and when the Allow Authentication with User Credentials OR Client Certificate option was set to Yes on the portal, users were not able to authenticate to the portal with a valid client certificate. With this fix, users are now able to authenticate to the portal with a valid client certificate when the Allow Authentication with User Credentials OR Client Certificate option is set to Yes on the portal.
GPC-11637
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GUI version of GlobalProtect sometimes was unresponsive (for example, when the GNOME Shell was replaced).
GPC-11616
Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect Anti-Malware information for Sophos Endpoint Protection version 10.0.0.
GPC-11612
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the speed limit of the GlobalProtect adapter was set to a maximum of 100Mbps, With this fix, the speed limit of the GlobalProtect adapter is now set to a maximum of 2Gbps.
GPC-11603
Fixed an issue where, when the GlobalProtect Android app was installed on Chromebooks, the app identified the operating system as Android instead of Chrome.
GPC-11601
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish the tunnel when the connection was on the mobile network.
GPC-11594
Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GUI version of GlobalProtect hangs when multiple terminals were launched (in a multi-user target) or when one terminal had to be launched for the GUI version to launch.
GPC-11569
Fixed an issue on Windows endpoints where, if the GlobalProtect app is configured with the Pre-logon (Always On) Connect Method with the Pre-logon Tunnel Rename Timeout value set to -1 (or any other value) and users disable the app and reboot their endpoint, the pre-logon tunnel is up after they login. After the system reboots, the app is disabled but the virtual interface is enabled. With this fix, the app and the virtual interface are disabled after a system reboot.
GPC-11538
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina, the GlobalProtect service restarted after a system reboot or when users logged out and logged in to the endpoint.
GPC-11530
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and the No direct access to local network option was enabled, users with administrator privileges were able to modify the routing table to bypass the VPN tunnel.
GPC-11529
Fixed an issue where Connect Before Logon using Security Assertion Markup Language (SAML) authentication was used to log in to the Windows 10 endpoint, users were able to launch the command prompt from the authentication web browser.
GPC-11527
Fixed an issue where, when the GlobalProtect app was installed on Windows endpoints and split tunnel was configured based on the application, handle leaks were observed by the GlobalProtect service.
GPC-11525
Fixed an issue where the GlobalProtect app failed to connect to the portal or gateway in the Prisma Access network through the proxy.
GPC-11524
Fixed an issue where, when the GlobalProtect app was deployed on managed Android devices through a mobile device management (MDM) system such as Microsoft Intune, the app hangs in Connecting state and the tunnel failed to be restored when users moved to a poor cell reception.
GPC-11489
Fixed an issue where the GlobalProtect HIP check did not detect Patch Management information for the Microsoft Intune management extension software.
GPC-11478
Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the No direct access to local network option was enabled on the gateway, the access route to the default gateway was not properly masked.
GPC-11466
Fixed an issue on Windows 10 endpoints where the Active Directory Users and Computers (ADUC) application experienced high latency when users established a GlobalProtect connection.
GPC-11461
Fixed an issue where, after you upgraded and installed the GlobalProtect app, the app was unable to connect to the gateway due to the Failed to get default route entry error message.
GPC-11448
Fixed an issue where the GlobalProtect app was unable to establish a connection to the gateway because the fully qualified domain name (FQDN) specified for the gateway mapped to a different IP address during network discovery and pre-login. With this fix, the app performed a network discovery again and connected to the Best Available gateway.
GPC-11402
Fixed an issue where, when the GlobalProtect app was installed on Windows endpoints, the app was disconnected from the VPN tunnel after the pre-logon tunnel grace period expired even when users logged in to the endpoint and the pre-logon tunnel was successfully renamed. This issue occurred when two-factor authentication (2FA) was used.
GPC-11393
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app performed a second network discovery after gateway authentication was successful. This issue resulted in two authentication prompts (for example, the SAML authentication type) right after waking up from sleep mode.
GPC-11395
Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.4, the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
GPC-11370
Fixed an issue where the GlobalProtect app selected the geographically distant gateway instead of the gateway with the faster response time. With this fix, the Best Available gateway is now determined by the assigned weight of the gateway.
GPC-11349
Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Engine Version, Definition Version, and Date for the CrowdStrike Falcon application.
GPC-11346
Fixed an issue where portal authentication failed due to the authentication failure during the GlobalProtect App Config Refresh configuration, which caused users to be locked out of the RSA device.
GPC-11218
Fixed an issue where the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
GPC-11173
Fixed an issue where the GlobalProtect app was configured with On-Demand mode and continued to stay in connecting state even when manually switching to a different gateway failed. With this fix, the app will now display an error message when switching to a different gateway failed.
GPC-11084
Fixed an issue where, when the GlobalProtect app was connected on Linux endpoints, the DNS content was removed from the resolv.conf file found in the /etc folder because the network was interrupted.
GPC-10954
Fixed an issue in GlobalProtect for macOS endpoints where installing or upgrading the package using a MDM system such as JAMF Pro resulted in a GlobalProtect app initialization failure.
GPC-10934
Fixed an issue where the original DNS suffixes were removed from the client machine and only the DNS suffixes from the gateway were applied.
GPC-10831
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect service modified the DNS suffix system list even when the gateway pushed an empty DNS suffix list.
GPC-10200
Fixed an issue where, when the GlobalProtect app was installed on Android devices, the app failed to reconnect and continued to stay in connecting state. Users had to close and launch the app to establish the connection.

GlobalProtect App 5.2.2 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.2 for Windows, macOS, and iOS.
Issue ID
Description
GPC-11531
Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the GlobalProtect service was started multiple times when users initiated the VPN connection from the iOS VPN settings.
GPC-11479
Fixed an issue where the GlobalProtect app took more than 2 minutes to establish a connection when users installed the app for the fist time on macOS endpoints running macOS Catalina 10.15.4 or later. This issue occurred when the administrator did not select the GlobalProtect System Extensions check box during the installation.

GlobalProtect App 5.2.1 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.1 for Windows, macOS, Linux, Android, and iOS.
Issue ID
Description
GPC-10476
Fixed an issue where in high bandwidth environments, the download speed through the GlobalProtect connection was slower than the upload speed.
GPC-11464
Fixed an issue where, when the GlobalProtect app was deployed for Android on managed Chromebooks using the Google Admin console, the app disconnected and reconnected because the same managed configuration file was pushed from the Google Admin Console multiple times.
GPC-11417
Fixed an issue for Android on Chromebooks where, if the GlobalProtect app was configured with the Always On connect method, the app did not automatically connect to the portal after users rebooted the system.
GPC-11348
Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect client failed to rename the pre-logon tunnel to the user tunnel when SAML was used to authenticate users.
GPC-11347
Fixed an issue where, when the GlobalProtect app was installed on Windows devices and a connection was established, high CPU usage (around 30 percent) was detected for the system process.
GPC-10881
Fixed an issue, when the GlobalProtect app was installed on iOS devices with Always On mode as part of the VPN profile, the app frequently reported authentication errors. This issue occurred when the portal cache configuration was not saved successfully.
GPC-9982
Fixed an issue, when the GlobalProtect app was installed on macOS endpoints running macOS Catalina 10.15 or later and HIP checks were enabled, the macOS endpoint displayed additional pop-ups to the user when GlobalProtect requested to access your Desktop, Documents, and Downloads folders.