Focus

GlobalProtect

Addressed Issues in GlobalProtect App 5.2

Table of Contents

Addressed Issues in GlobalProtect App 5.2

See the list of addressed issues in GlobalProtect app 5.2 for Android, iOS, Chrome, Windows, Windows 10 UWP, and macOS.

The following topic describes the issues addressed in GlobalProtect app 5.2 for Android, iOS, Chrome, Windows, Windows 10 UWP, macOS, and Linux.

GlobalProtect App 5.2.13-c418 Addressed Issues
GlobalProtect App 5.2.13 Addressed Issues
GlobalProtect App 5.2.12 Addressed Issues
GlobalProtect App 5.2.12 Addressed Issues (iOS only)
GlobalProtect App 5.2.11 Addressed Issues
GlobalProtect App 5.2.10 Addressed Issues
GlobalProtect App 5.2.9 Addressed Issues
GlobalProtect App 5.2.8 Addressed Issues
GlobalProtect App 5.2.8 Addressed Issues (iOS only)
GlobalProtect App 5.2.7 Addressed Issues
GlobalProtect App 5.2.7 Addressed Issues (iOS only)
GlobalProtect App 5.2.6 Addressed Issues
GlobalProtect App 5.2.6 Addressed Issues (iOS only)
GlobalProtect App 5.2.5 Addressed Issues
GlobalProtect App 5.2.5 Addressed Issues (iOS only)
GlobalProtect App 5.2.4 Addressed Issues
GlobalProtect App 5.2.4 Addressed Issues (iOS only)
GlobalProtect App 5.2.3 Addressed Issues
GlobalProtect App 5.2.2 Addressed Issues
GlobalProtect App 5.2.1 Addressed Issues

GlobalProtect App 5.2.13-c418 Addressed Issues

This release contains security-related fixes.

GlobalProtect App 5.2.13 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.13 for macOS and Windows.

Issue ID	Description
GPC-16878	Fixed an issue where the GlobalProtect HIP check incorrectly detected Definition Version for Cortex XDR, which caused the device to fail the HIP check.
GPC-16713	Fixed an issue where Connect Before Logon would unexpectedly fall back to username and password authentication after a failed SAML authentication attempt to the gateway.
GPC-16601	Fixed an issue where connect before logon would get stuck at Connecting if on an internal network with internal gateways.
GPC-16495	Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, the GlobalProtect cookie stopped working when CIS Benchmark 5.1.1 (Center for Internet Security) was applied for mac OS 12 Monterey to safeguard internet services.
GPC-16449	Fixed an issue where, when the GlobalProtect app was installed on devices running macOS with split tunnel based on domain, the split tunnel did not work as expected after the system woke up from sleep mode.
GPC-16346	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check took longer than expected to collect the HIP information and also displayed HIP pop-up error messages for antivirus software, which caused the device to fail the HIP check.
GPC-16289	Fixed an issue where, when the GlobalProtect app was configured with split tunnel to exclude traffic, users could not access the excluded Airtel 4G PPP dongle application since the Airtel PPP default traffic route was removed.
GPC-16144	Fixed an issue where the GlobalProtect app failed to detect Cisco Secure Endpoint anti-malware software installed on the device.
GPC-16135	Fixed an issue where the GlobalProtect app connection failed when Windows 10 21H2 users tried to switch to another Windows user account on the device.
GPC-16119	Fixed an issue where the GlobalProtect app was installed on devices running macOS, the GlobalProtect HIP check failed to detect the Real time protection status for Symantec Endpoint Protection.
GPC-16056	Fixed an issue where GlobalProtect HIP check did not detect the name of the Trellix Agent correctly which caused the device to fail the HIP check.
GPC-16055	Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, the app did not display 'Authentication Failed' when the user entered an incorrect RSA SecureID.
GPC-16029	Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, users were prompted for certificate selection even when the Extended Key Usage OID for Client Certificatewas configured in the App Configurations area of the GlobalProtect portal configuration.
GPC-15972	Fixed an issue where the GlobalProtect HIP check did not detect the Real-Time Protection status correctly for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-15933	Fixed an issue where, when the GlobalProtect app was installed and connected on devices, the HIP check process was delayed and the tunnel was disconnected after 2 hours.
GPC-15923	Fixed an issue where the GlobalProtect app did not detect real-time protection status for Sophos Endpoint Protection, which caused the device to fail the HIP check.
GPC-15812	Fixed an issue where the split tunnel feature did not work as expected on devices running macOS Monterey 12.X and Chrome Browser 104.0.5112.79
GPC-15699	Fixed an issue where the GlobalProtect HIP check did not detect the McAfee antivirus software, causing the device to fail the HIP check.
GPC-15686	Fixed an issue where, when the GlobalProtect app was installed on devices running macOS, and when the user executed the command to disable the app, a new line break was added after the timestamp value in the command which caused parsing issues and created incorrect GlobalProtect log messages.
GPC-15663	Fixed an issue where when the GlobalProtect app was deployed for pre-logon and when users tried to change their Windows password, users were prompted to enter only a new password. The app did not prompt users to enter their old password while changing the password.
GPC-15658	Fixed an issue where the GlobalProtect app was connected to a different gateway and not the preferred gateway when the device woke up from sleep mode. The users had to select the preferred gateway manually to connect to the GlobalProtect app.
GPC-15636	Fixed an issue where the GlobalProtect HIP check failed to detect the Real time protection status for Sophos Endpoint Protection.
GPC-15631	Fixed an issue where, when the GlobalProtect app was installed on devices running macOS and the app did not start right away after a system reboot.
GPC-15592	Fixed an issue where the GlobalProtect HIP check failed to detect the Definition Version for Sophos Endpoint Protection, which caused the device to fail the HIP check.
GPC-15553	Fixed an issue where the GlobalProtect app got disconnected after 3 hours.
GPC-15548	Fixed an issue where users were unable to connect to the GlobalProtect app when users restarted the device from the hibernation mode.
GPC-15537	Fixed an issue where the GlobalProtect HIP check did not detect the correct Anti-Malware information for the Last Full Scan Time for Sophos Endpoint Protection, which caused the device to fail the HIP check.
GPC-15485	Fixed an issue where the GlobalProtect HIP check did not detect the Real-Time Protection status for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
GPC-15439	Fixed an issue where the GlobalProtect app was installed on iOS devices and the GlobalProtect app failed to collect HIP data and the Host Information tab on the device failed to display information. For the app to display the HIP information, user must update or remove expired certificates from the system.
GPC-15424	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and when the user tried to start the GlobalProtect app using Windows Start menu, the Windows Installer (Msiexec) did not work as expected due to which the app was getting reinstalled on the device.
GPC-15338	Fixed an issue where, when the GlobalProtect app was installed on devices running macOS and when the GlobalProtect gateway was configured to exclude routes, the excluded routes were removed from the original routing table when users disconnected the app.
GPC-15315	Fixed an issue where the GlobalProtect HIP check detected incorrect Anti-Malware information for Definition Date for Sophos Endpoint Protection.
GPC-15260	Fixed an issue where, when the GlobalProtect app was installed on devices running macOS and GlobalProtect enforcer was configured with allowed FQDNs, users were still able to access the internet and other public domains.
GPC-15255	Fixed an issue where the GlobalProtect HIP check detected the device as Windows firewall enabled even though the firewall was disabled on the device.
GPC-15219	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude application traffic for Zoom, excluded Zoom traffic was still forwarded through the tunnel.
GPC-15205	Fixed an issue where the HIP check process stopped running and the tunnel was disconnected after 3 hours.
GPC-15200	Fixed an issue where the GlobalProtect app did not save the username after Kerberos SSO authentication following which the app could not use the GlobalProtect cached portal configuration. Users had to manually add the username to the Windows registry.
GPC-15149	Fixed an issue where the GlobalProtect app got disconnected due to an incorrect HIP check after the system woke up from sleep mode or when the system was restarted.
GPC-15144	Fixed an issue where, when the GlobalProtect app was installed on Windows 11, version 22 H2 devices, the HIP information for patch management was not collected and the Patch Management section of the Host Profile tab failed to display the HIP details.
GPC-15072	Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for Sophos Endpoint Protection and Microsoft Monitoring Agent, which caused the device to fail the HIP check.
GPC-15056	Fixed an issue where the users were not prompted for Multi-Factor Authentication (MFA) even after entering their credentials using IdP (Identity Providers).
GPC-14973	Fixed an issue where the GlobalProtect app stopped working abruptly.
GPC-14770	Fixed an issue where the HIP check process stopped running and the tunnel was disconnected after 3 hours.
GPC-14725	Fixed an intermittent issue where the users were unable to connect to the GlobalProtect app, when the app used cached portal configuration.
GPC-14672	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and No direct access to local network option was enabled with access routes excluded from the GlobalProtect VPN tunnel, the excluded traffic was not sent through the physical adapter on the endpoint. Following this, users were unable to access the local physical network devices such as printers.
GPC-14609	Fixed an issue where the HIP check did not detect the Sentinel One RTP and definition date properly, which caused the HIP check to fail.
GPC-14439	Fixed an issue where, when split tunnel was configured on the GlobalProtect app to exclude destination domain traffic that included a slash character (/) for sub-page domain names, the slash character (/) was not displayed in the sub-page domain names in the exception list.
GPC-13752	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the SAML login page to authenticate Network Discovery was not properly displayed.

GlobalProtect App 5.2.12 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.12 for macOS and Windows.

Issue ID	Description
GPC-15193	Fixed an issue where the GlobalProtect app failed to connect when the embedded browser was closed after Okta authentication.
GPC-15179	Fixed an issue where, when the No Direct Access to local network option was enabled on GlobalProtect gateway, the GlobalProtect users’ loopback interface network was masked causing connection failure.
GPC-15169	Fixed an issue where, when the Allow GlobalProtect UI to Persist for User Input was enabled and the machine was restarted, the GlobalProtect app did not show up on the screen. The browser directly opened the SAML login page and the app worked only in the background after successful authentication.
GPC-15155	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the language was set to Japanese, the password field for disabling the app was not properly displayed.
GPC-15073	A fix was made to address an OpenSSL infinite loop vulnerability in GlobalProtect app software (CVE-2022-0778).
GPC-15062	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the connection became unstable when the user clicked the Click here or Retry button on the default browser page for SAML authentication.
GPC-15050	Fixed an issue where the GlobalProtect HIP check did not detect the Last Scan Date for Cortex XDR, which caused the device to fail the HIP check.
GPC-15030	Fixed an issue where the GlobalProtect app prompted users to re-enter the gateway login credentials even though the save-user credentials was configured.
GPC-15029	Fixed an issue where the GlobalProtect app displayed the incorrect copyright year on the app.
GPC-15017	Fixed an issue where GlobalProtect users were unable to connect using Connect Before Logon because the app got stuck during the SAML authentication stage.
GPC-14959	Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect logs displayed password information when the password contained the (<) character.The password characters succeeding the (<) character were displayed in the logs.
GPC-14943	Fixed an issue where the GlobalProtect app connection failed after the app was upgraded to Windows 10 21H2.
GPC-14867	Fixed an issue where the GlobalProtect app could not connect to the Prisma Access gateway when a FQDN was used instead of an IP address in the Proxy Auto-Configuration (PAC) file.
GPC-14763	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the device displayed a blue screen when users tried to connect to the GlobalProtect app.
GPC-14732	Fixed an issue where the GlobalProtect app got disconnected after HIP check.
GPC-14609	Fixed an issue where the HIP check did not detect the Sentinel One RTP and definition date properly, which caused the HIP check to fail.
GPC-14578	Fixed an issue where, after connecting to GlobalProtect using Connect Before Logon (CBL) with SAML authentication, the GlobalProtect app kept opening and closing after the user logged in.
GPC-14572	Fixed an issue where GlobalProtect app users were prompted to re-enter the password when the connection was refreshed.This issue occurred only when the password contained non-English characters.
GPC-14278	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP report displayed encryption status even when the encryption feature was disabled.
GPC-14148	Fixed an issue where the Azure IDP page was not displayed properly when Connect Before Logon was used.
GPC-13939	Fixed an issue where multiple spelling and translation errors were observed in the GlobalProtect app for French localization.
GPC-13725	Fixed an issue where, during a transparent upgrade of the GlobalProtect app, if the system rebooted or woke up from hibernation, the upgrade failed due to competing resources between the system reboot and transparent upgrade. The previous version of the GlobalProtect app was completely uninstalled.

GlobalProtect App 5.2.12 Addressed Issues (iOS only)

There were no addressed issues in GlobalProtect app 5.2.12 for iOS.

GlobalProtect App 5.2.11 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.11 for macOS, Windows, and Android

Issue ID	Description
GPC-14892	Fixed an issue where the users were unable to connect applications such as TESSY to a local database when GlobalProtect was connected.
GPC-14824	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect app tried to restore the gateway connection even when the device was on Modern Standby mode. The users were prompted to authenticate using multi-factor authentication (MFA) authentication.
GPC-14792	Fixed an issue where, when Connect Before Logon using Security Assertion Markup Language (SAML) authentication was used to login to the endpoint, the users could not authenticate as the authentication process stopped when redirected to the organization’s sign-in page.
GPC-14716	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the Autonomous Digital Experience Management (ADEM) was not enabled in the app, the agent took more time than expected to establish a connection.
GPC-14691	Fixed an issue where the GlobalProtect IPV6 static route for the gateway was getting removed shortly after establishing the connection causing unexpected GlobalProtect disconnections.
GPC-14686	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect credentials that were saved earlier were lost when the user faced network connectivity issues and the users had to re-enter the credentials.
GPC-14672	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and No direct access to local network option was enabled with access routes excluded from the GlobalProtect VPN tunnel, the excluded traffic was not sent through the physical adapter on the endpoint. Following this, the users were unable to access the local physical network devices such as printers.
GPC-14671	Fixed an issue where the GlobalProtect agent (PanGPA) stopped running when Client Certificate authentication along with SAML authentication method was used to authenticate users. This issue resulted in GlobalProtect connection failures.
GPC-14659	Fixed an issue where, when the user entered their credentials in the Connect Before Logon SAML authentication page, a blank screen was displayed instead of prompting the users to authenticate using a Two-Factor Authentication (2FA) authentication method as expected.
GPC-14651	Fixed an issue where the GlobalProtect HIP check did not detect patch management properly, which caused the device to fail the HIP check.
GPC-14650	Fixed an issue where, when pre-logon was configured for the GlobalProtect app, the users were still prompted to authenticate using multi-factor authentication (MFA) during the GlobalProtect gateway pre-logon stage.
GPC-14649	Fixed an issue where, when the GlobalProtect app was installed on devices running on macOS High Sierra and split tunnel was configured to exclude application traffic such as Microsoft Teams and Zoom, some excluded traffic was still being forwarded through the tunnel.
GPC-14640	Fixed an issue where, when the GlobalProtect app was deployed for pre-logon, the GlobalProtect Enforcer remained enabled even after the app was disabled.
GPC-14616	Fixed an issue where the GlobalProtect HIP check did not detect HCL BigFix version 10.0.3, which caused the device to fail the HIP check.
GPC-14611	Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for Windows Defender and McAfee Anti-Malware Detection, which caused the device to fail the HIP check.
GPC-14610	Fixed an issue where the GlobalProtect HIP check did not detect HCL BigFix version 10.0.3, which caused the device to fail the HIP check.
GPC-14600	Fixed an issue where the GlobalProtect app did not detect real-time protection and the correct definition date and definition version for Microsoft Defender Advanced Threat Protection (ATP), which caused the device to fail the HIP check.
GPC-14583	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app failed to reconnect and continued to stay in the connecting state even after restarting the device.
GPC-14577	Fixed an issue where, when the GlobalProtect app was configured to use the end user’s default system browser for SAML authentication, the app displayed the following warning message while enrolling with PingID. Assignment to read-only properties is not allowed in strict mode.
GPC-14567	Fixed an issue where, when Connect Before Logon using Security Assertion Markup Language (SAML) authentication was used to log in to the endpoint, users were unable to complete the authentication process as the SAML login page got stuck after they entered their credentials.
GPC-14545	Fixed an issue where the GlobalProtect HIP check did not detect HCL BigFix version, which caused the device to fail the HIP check.
GPC-14528	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
GPC-14522	Fixed an issue where, when the GlobalProtect was configured with split tunnel to include traffic based on the destination domain by overriding the DNS server manually, the DNS queries were still being sent to the DHCP configured server.
GPC-14492	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude or include any application traffic that relied on the loopback connection source IP address, the split tunnel configuration based on the application did not work.
GPC-14488	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, a pop-up message Connected - You are securely connected to the corporate network was displayed and the message continued to stay on the screen even though the users tried to close it.
GPC-14469	Fixed an issue where, when the GlobalProtect app was installed on Windows devices with No direct access to local network option enabled on the gateway and split tunnel feature configured to exclude specific access routes, traffic for those access routes continued to go through the VPN tunnel.
GPC-14453	Fixed an issue where the TCP Option lookup for IP fragmented TCP packets caused the endpoint to lose access to internal resources.
GPC-14439	Fixed an issue where, when split tunnel was configured on the GlobalProtect app to exclude destination domain traffic that included a slash character (/) for sub-page domain names, the slash character (/) was not displayed in the sub-page domain names in the exception list.
GPC-14430	Fixed an issue where the GlobalProtect HIP check did not detect the Trend Micro Apex One Endpoint Security, which caused the device to fail the HIP check.
GPC-14405	Fixed an issue where, when the IPv6 Sinkhole feature was enabled to block the GlobalProtect app from accessing the local network devices using IPv6 address, the GlobalProtect gateway still allowed the GlobalProtect app to send IPV6 traffic to local network devices instead of blocking them.
GPC-14400	Fixed an issue where GlobalProtect HIP check incorrectly detected the encryption stage for Trend Micro Full Disk Encryption as ‘Unknown’.
GPC-14181	Fixed an issue where, when the GlobalProtect portal was set to authenticate users through Security Assertion Markup Language (SAML) authentication, the users were prompted to re-enter their credentials whenever they tried to connect to the GlobalProtect app even when the Authentication override cookie was enabled.
GPC-14125	Fixed an issue where, when the GlobalProtect service (PanGPS) stopped running unexpectedly causing IP address-to-username mapping issues on the firewall. Users were unable to create user-based access policies due to the issue.
GPC-14105	Fixed an issue where the GlobalProtect HIP check did not detect the real-time protection for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
GPC-14100	Fixed an issue where, when split tunnel was configured on the GlobalProtect gateway to include routes, the traffic which was not included was also sent over the VPN tunnel intermittently.
GPC-13970	Fixed an issue where DNS queries for excluded domains were sent out on both the GlobalProtect app virtual adapter and the device's physical adapter with the Split-Tunnel Option set to Both Network Traffic and DNS in the App Configurations area of the GlobalProtect portal configuration.
GPC-13878	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the correct definition version and definition date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13774	Fixed an issue where the GlobalProtect tunnel could not send traffic after the system woke up from sleep mode.
GPC-13561	Fixed an issue where the hamburger menu icon on the GlobalProtect app was not highlighted when the users selected the menu using the tab key on the keyboard. Users were unable to identify the difference whether they were using the menu or not since the highlight was not visible to them due to the issue.
GPC-12777	Fixed an issue where, when a device connected to GlobalProtect would establish an Remote Desktop Protocol (RDP) connection to another device connected to GlobalProtect, the RDP connection would time out and disconnect.

GlobalProtect App 5.2.10 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.10 for macOS, Windows, and Android.

Issue ID	Description
GPC-14251	Fixed an issue where the GlobalProtect HIP report displayed incorrect OS version Windows 10 instead of the correct version Windows 11.
GPC-14505	Fixed an issue where GlobalProtect users were prompted to install the Rosetta 2 compatibility package along with the GlobalProtect app on ARM64-based MacBook devices running macOS M1. The system prompted for Rosetta 2 installation despite the GlobalProtect app having native support for the M1 processor (ARM64, Apple silicon).
GPC-14276	Fixed an issue where the Check for Updates option in the GlobalProtect app failed to display the recent GlobalProtect version updates. The users had to refresh the GlobalProtect connection to get the latest version updates.
GPC-14181	Fixed an issue where, when the GlobalProtect portal was set to authenticate users through Security Assertion Markup Language (SAML) authentication, the users were prompted to re-enter their credentials whenever they tried to connect to the GlobalProtect app even when Authentication override cookie was enabled.
GPC-10200	Fixed an issue where, when the GlobalProtect app was installed on Android devices, the app failed to reconnect and continued to stay in the connecting state. Users had to close and launch the GlobalProtect app again to establish the connection.

GlobalProtect App 5.2.9 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.9 for iOS, macOS, and Windows.

Issue ID	Description
GPC-14423	Fixed an issue where the GlobalProtect HIP check did not detect the correct status for Sophos Endpoint Protection, which caused the device to fail the HIP check.
GPC-14421	Fixed an issue where the GlobalProtect app continued to stay in the connecting state when users tried to log in to the gateway by entering their usernames without providing a password. Users were not prompted to re-enter credentials on authentication failure.
GPC-14389	Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Bitdefender Endpoint Security for macOS, which caused the device to fail the HIP check.
GPC-14388	Fixed an issue where the GlobalProtect HIP check did not correctly detect the Anti-Malware information for McAfee Endpoint Security on devices running macOS, which caused the devices to fail the HIP check.
GPC-14329	Fixed an issue where macOS devices were able to bypass the GlobalProtect tunnel using the physical adapter even when No direct access to local network was enabled.
GPC-14289	Fixed an issue where the Apple MacBook Pro failed to reconnect to the GlobalProtect app after hibernation.
GPC-14282	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Patch Management software for the Jamf Pro application, which caused the device to fail the HIP check.
GPC-14234	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app could not send the Kerberos SSO support properly during the pre-login stage.This issue resulted in two authentication prompts when devices were connected to a corporate network.
GPC-14223	Fixed an issue where the GlobalProtect app failed to fetch the configuration from the portal during the automatic configuration refresh.
GPC-14118	Fixed an issue where when SAML was used with the default browser for authentication, GlobalProtect could not establish a tunnel to the gateway with a cached portal configuration.
GPC-14104	Fixed an issue where DNS queries for excluded domains were sent out on both the GlobalProtect app virtual adapter and the device’s physical adapter with the Split-Tunnel Option set to Both Network Traffic and DNS in the App Configurations area of the GlobalProtect portal configuration.
GPC-14099	Fixed an issue where the GlobalProtect app for macOS allowed users to enter extra spaces after the portal IP address or FQDN, causing the connection to fail.
GPC-14089	Fixed an issue where the GlobalProtect app did not launch the SAML login page correctly to complete the authentication sequence.
GPC-14070	Fixed an issue where the GlobalProtect app did not detect real-time protection and the correct definition date for Microsoft Defender Advanced Threat Protection (ATP), causing the HIP check to fail.
GPC-14013	Fixed an issue where the GlobalProtect app displayed the wrong version when fetched from Workspace One.
GPC-14000	Fixed an issue where, when the GlobalProtect HIP check did not detect the Anti-Malware information for Malware Definition Date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13978	Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version and Malware Definition Date for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-19977	Fixed an issue where the GlobalProtect user was unable to sign in to the portal by pressing the ‘Enter’ key after entering the credentials on the GlobalProtect embedded browser.
GPC-13963	Fixed an issue where the DNS UDP checksum was incorrectly calculated, causing latency in the GlobalProtect connection.
GPC-13939	Fixed an issue where multiple spelling and translation errors were observed in the GlobalProtect app for French localization.
GPC-13938	Fixed an issue where the GlobalProtect HIP check did not detect the correct details for Symantec Endpoint Protection on Windows endpoints, which caused the device to fail the HIP check.
GPC-13870	Fixed an issue where, when the GlobalProtect app was installed on ARM-based MacBook devices running macOS M1, the GlobalProtect app was unable to detect HIP information for Anti-Malware, Disk Backup, Disk Encryption, Firewall, and Patch Management.
GPC-13857	Fixed an issue where, if GlobalProtect was configured for domain-based split tunneling and the domain name resolved to the loopback address (127.0.0.1), the GlobalProtect app would disconnect on devices running macOS 11.5 or later.
GPC-13855	Fixed an issue where the GlobalProtect app for macOS was unable to detect Jamf version 10.31.0 in the HIP check, causing the endpoints to fail the HIP check.
GPC-13834	Fixed an issue where the GlobalProtect app did not start right away after a computer reboot.
GPC-13805	Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect HIP report displayed encryption status as unencrypted even when encryption was complete.
GPC-13802	Fixed an issue that caused the GlobalProtect app to restart when using the MacBook keyboard to navigate through the GlobalProtect GUI.
GPC-13794	Fixed an issue where the GlobalProtect login screen displayed an incorrect Spanish translation.
GPC-13737	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the firewall state of McAfee Endpoint Security v10.7.0.1961.
GPC-13735	Fixed an issue where the GlobalProtect users on macOS 11 Big Sur were unable to use the Spotify application properly, when application-based split tunneling was configured on the gateway and Spotify was excluded from the VPN tunnel.
GPC-13705	Fixed an issue where the GlobalProtect HIP check did not correctly detect the McAfee DLP information on Windows 10 devices, which caused the devices to fail the HIP check.
GPC-13693	Fixed an issue where DNS resolution to internal host detection got delayed because of mDNS.
GPC-13674	Fixed an issue where GlobalProtect authentication failed when the SAML username contained special characters.
GPC-13668	Fixed an issue where the GlobalProtect HIP check did not detect the correct details for Cortex XDR, which caused the device to fail the HIP check.
GPC-13632	Fixed an issue where the GlobalProtect HIP check did not detect the details for Forcepoint Data Loss Prevention (DLP) and FireEye Advanced Malware, which caused the device to fail the HIP check.
GPC-13570	Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Sentinel Agent, which caused the device to fail the HIP check.
GPC-13569	Fixed an issue where the GlobalProtect HIP report displayed erroneous warning messages, such as whole disk encryption failed, after an upgrade.
GPC-13551	Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13420	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app consumed a large amount of storage space under Documents & Data.
GPC-13385	Fixed an issue where the GlobalProtect app took a long time to connect when the internal host detection DNS query failed.
GPC-13364	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect information for Signature Version and Last Updated for the Carbon Black Cloud application, which caused the device to fail the HIP check.
GPC-13346	Fixed an issue where the GlobalProtect app GUI would disappear to the system tray or menu bar during authentication prompts thereby preventing the users from entering their credentials.
GPC-13195	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish a connection for the second user using Security Assertion Markup Language (SAML) authentication when cookie authentication was configured on the portal.
GPC-13093	Fixed an issue where the upgrade to a newer version of GlobalProtect app failed if the Allow User to Uninstall GlobalProtect App (Windows Only) was set to Disallow or Allow with Password.
GPC-13008	Fixed an issue where, when the GlobalProtect app was installed on iOS devices and configured in Always-On mode, the app was unable to send the HIP report to the firewall after the device was turned off and turned on in locked mode. When the device was turned on in locked mode, users connected to the app in Always-On mode but GlobalProtect failed to send the HIP report to the firewall.
GPC-12777	Fixed an issue where the remote desktop connection via GlobalProtect tunnel got disconnected at times.

GlobalProtect App 5.2.8 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.8 for Windows, macOS, and Windows 10 UWP.

Issue ID	Description
GPC-13701	Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13683	Fixed an issue where, when the GlobalProtect app was installed on Windows (32-bit) devices and the portal was set up to authenticate end users through the default system browser for Security Assertion Markup Language (SAML) authentication, the default system browser for SAML authentication did not work as expected.
GPC-13680	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
GPC-13655	Fixed an issue where, where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version and Malware Definition Date for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-13641	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the status of Disk Encryption and the presence of Bitlocker Drive Encryption after upgrading to GlobalProtect app 5.2.6, which caused the device to fail the HIP check.
GPC-13640	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and configured with On-Demand mode, a new portal authentication including a RADIUS challenge caused the app to hang in Connecting state.
GPC-13637	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the status of Disk Encryption and the presence of Bitlocker Drive Encryption, which caused the device to fail the HIP check.
GPC-13622	Fixed an issue where, when the GlobalProtect app was enabled for FIPS-CC mode, the app failed to connect to the portal because the app attempted to perform an OCSP check for the root CA certificate.
GPC-13583	Fixed an issue where, where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version, Malware Definition Date, and Last Full Scan Time for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-13558	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the General tab of the GlobalProtect Settings panel displayed a spelling error when the system language was French.
GPC-13555	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app used the tunnel assigned IPv6 address as the source address for the physical interface for the excluded IPv6 traffic. This issue occurred when the physical adapter did not have any IPv6 addresses.
GPC-13551	Fixed an issue where the GlobalProtect HIP check did not detect the correct details of the Anti-Malware information for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13547	Fixed an issue where, when the GlobalProtect app was deployed for Pre-logon then On-demand, the pre-logon tunnel took 2-3 minutes to connect to GlobalProtect when switching from disconnecting to connecting states. With this fix, the pre-logon tunnel was able to connect to GlobalProtect without changing connection states.
GPC-13511	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP process (PanGpHip) completely stopped running after the GlobalProtect service (PanGPS) crashed.
GPC-13481	Fixed an issue where, where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Date and the software version for the 360 security guard and 360 Antivirus, which caused the device to fail the HIP check.
GPC-13479	Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13466	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
GPC-13464	Fixed an issue where, when the GlobalProtect app was installed on non-English Windows devices, the GlobalProtect HIP check did not detect real-time protection for Cisco Advanced Malware Protection for Endpoints, which caused the device to fail the HIP check.
GPC-13432	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and another application with system extensions were installed, issues with web-browsing and network activity were observed.
GPC-13417	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the correct definition date for Kaspersky Endpoint Security, which caused the device to fail the HIP check.
GPC-13395	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and deployed for Pre-logon then On-demand with user initiated Pre-logon enabled, Start GlobalProtect Connection was displayed at the Windows login page when the system was locked. This option should be displayed only during a system restart or when users logged out from the device.
GPC-13389	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the user was unable to save the gateway as the Preferred Gateway because this setting was removed from the Windows registry after a system reboot.
GPC-13384	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the embedded browser (WKWebView) did not send the client certificate to the SAML identity provider configured with mutual TLS authentication.
GPC-13354	Fixed an issue where, where the GlobalProtect HIP check did not detect the correct details of the Malware Definition Version and the Malware Definition Date for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-13276	Fixed an issue where when the GlobalProtect app was installed on ARM-based and Intel-based MacBooks, the app continued to stay in connecting state after the device woke up from sleep mode.
GPC-13208	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel (optimized split tunneling) was configured to exclude any application traffic that relied on the loopback connection source IP address to be 127.0.0.1, the excluded application did not work as expected.
GPC-13158	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the blue screen was displayed on the device after users logged in and connected to the app.
GPC-13036	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and exclusions for destination domain traffic were not enforced, the app did not open the browser for SAML authentication that was blocked by the GlobalProtect enforcer.
GPC-12699	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was not disconnected from the tunnel when a user removed a smart card even when Retain Connection on Smart Card Removal was set to No in the GlobalProtect portal configuration.

GlobalProtect App 5.2.8 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.8 for iOS.

Issue ID	Description
GPC-12982	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish the connection on an IPv6 LTE network.
GPC-12847	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, users were prompted multiple times to enter their user credentials.
GPC-12005	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed a connection failed error message and the device was reconnecting by itself to GlobalProtect.

GlobalProtect App 5.2.7 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.7 for Windows, macOS, and Android.

Issue ID	Description
GPC-13501	Fixed an issue where, when the GlobalProtect app was deployed on managed Android devices through a mobile device management (MDM) system such as Microsoft Intune, the app was unable to automatically fetch a certificate after upgrading from GlobalProtect app 5.2.5 to GlobalProtect app 5.2.6.
GPC-13479	Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Date for the Carbon Black Cloud Sensor, which caused the device to fail the HIP check.
GPC-13453	Fixed an issue where after a Fresh Install of GlobalProtect app 5.2.6 and using the embedded browser for Security Assertion Markup Language (SAML) authentication, authentication failed due to a script error when end users attempted to access the identity provider (IdP) web page. With this fix, after you installed GlobalProtect app 5.2.7, end users can access the idP web page using the embedded browser for SAML authentication without any script errors and connect to GlobalProtect.
GPC-13452	Fixed an issue where after upgrading to GlobalProtect 5.2.6, the GlobalProtect client on the end user’s endpoint did not connect to the Best Available gateway.
GPC-13446	Fixed an issue in GlobalProtect app for Android devices where the documented syntax of app_list key for Per-App VPN was not in sync with the App.
GPC-13367	Fixed a performance issue where the GlobalProtect HIP process (PanGpHip) caused high CPU usage on devices.
GPC-13366	Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices, the GlobalProtect HIP check did not detect the correct definition version, definition date, and year for the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-13364	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect information for Signature Version and Last Updated for the Carbon Black Cloud application, which caused the device to fail the HIP check.
GPC-13303	Fixed an issue where the GlobalProtect HIP check did not detect the Anti-Malware information for the Malware Definition Version and Malware Definition Date for the FireEye Endpoint Agent, which caused the device to fail the HIP check.
GPC-13275	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur, the GlobalProtect HIP check did not detect the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
GPC-13254	Fixed an issue where the GlobalProtect HIP check did not detect did not detect real-time protection for Traps version 4.2.3.41131, which caused the device to fail the HIP check.
GPC-13206	Fixed an issue where the GlobalProtect app was configured to exclude application traffic such as Cisco Webex for split tunnel, excluded traffic was still forwarded through the tunnel. This issue occurred when the Pre-logon Tunnel Rename Timeout value was set to -1 in the GlobalProtect portal configuration.
GPC-13203	Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices and if the Exceptions to Enforce GlobalProtect list was configured with a subnet, existing connections to those hosts were not allowed even when the Enforcer status was enabled.
GPC-13188	Fixed an issue where, when the GlobalProtect tunnel was established on macOS devices, the default route was installed before the excluded routes and then excluded traffic leaked into the tunnel periodically.
GPC-13186	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the correct ESET Endpoint Antivirus definition version.
GPC-13164	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and when the tunnel disconnected and reestablished immediately, the split tunnel configuration based on the application was not adhered.
GPC-13155	Fixed an issue where the GlobalProtect app received a notification when the connection falls back from IPSec to SSL even after setting Display IPSec to SSL Fallback Notification to No to disable the app from displaying the notification.
GPC-13151	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, end users were unable to access the internal domains when split tunnel based on the destination domain was configured with port 53.
GPC-13150	Fixed an issue where the GlobalProtect HIP check did not detect the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-13138	Fixed an issue where, after upgrading to GlobalProtect 5.2.6, the GlobalProtect HIP report was not complete, which caused the GlobalProtect client host device to fail the HIP check.
GPC-13120	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina, the Configurable Maximum Transmission Unit for GlobalProtect Connections feature did not support fallback to kernel extension mode.
GPC-13105	Fixed an issue where the GlobalProtect client version was transparently upgraded even when Allow User to Upgrade GlobalProtect was changed to Disallow from Allow Transparently.
GPC-13089	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the Choose An Identity pop-up prompted end users to Select a valid client certificate to connect to GlobalProtect even when the certificate-store-lookup value was set to machine on the GlobalProtect portal.
GPC-13084	Fixed an issue where, when the GlobalProtect app was installed macOS devices, did not detect the correct state for the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
GPC-13064	Fixed an issue where the PanGPA.log file displayed the user credentials in (clear-text) data when the SAML identity provider such as Enforce Enboard was used for portal and gateway authentication.
GPC-13061	Fixed an issue where the GlobalProtect service restarted multiple times when DLSA was configured in a dual stack environment.
GPC-13057	Fixed an issue where the Server Name Indication (SNI) was not set in the requests used for the HIP reports and client logout messages.
GPC-13051	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app displayed that the end user was connected to the corporate network even when their device was not connected to Internal Network.
GPC-13045	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the HIP check process was delayed and the tunnel was disconnected after 3 hours.
GPC-13032	Fixed an issue where the GlobalProtect HIP check was unable to detect the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software application.
GPC-13031	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the gateway did not generate the HIP report within a reasonable time period after upgrading to GlobalProtect app 5.2.5-c84.
GPC-12996	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app failed to connect to the GlobalProtect gateway using a cached configuration if the GlobalProtect portal was unreachable using client certificate authentication.
GPC-12995	Fixed an issue where the GlobalProtect app displayed the following HIP notification even when Forcepoint Data Loss Prevention (DLP) was installed: Forcepoint DLP agent is not installed into your system.
GPC-12993	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and the default browser was used for SAML authentication, the app opened the default browser for SAML authentication twice.
GPC-12971	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and configured in a full tunnel deployment, the GlobalProtect virtual adapter was activated with the default gateway set to 0.0.0.0. Starting with GlobalProtect app 5.2.7, you can set a valid default gateway on the adapter using one of the following methods: Open the Windows Registry (enter regedit on the command prompt) and go to: HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings Right-click the Settings folder, then select NewString Value and enter fake-default-gateway string value. In the Value data field, enter yes. Use the Windows Installer (Msiexec) to add the FIXDEFAULTGATEWAY=”yes” Msiexec parameter during the installation.
GPC-12970	Fixed an issue where the GlobalProtect client was unable to establish a connection when the proxy domain name had the “HTTP” keyword.
GPC-12950	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and by changing the registry settings, the end user was able to connect to a different portal even when Allow User to Change Portal Address was set to No in the GlobalProtect portal configuration.
GPC-12916	Fixed an issue where the GlobalProtect HIP check excluded the Anti-Malware information for FireEye but some data was still collected from the FireEye agent and actions were performed on the data in PanGPHip.exe.
GPC-12903	Fixed an issue where, when the GlobalProtect app was installed on Windows devices while third-party software was running, the filter driver failed to load.
GPC-12900	Fixed an issue where the routing flags for the Address Resolution Protocol (ARP) route were not reverted once GlobalProtect was disconnected. This issue caused the third-party VPN connections to fail.
GPC-12781	Fixed an issue where, when the GlobalProtect app was deployed for pre-logon and if a pre-logon tunnel was not established, the subsequent gateway login using RADIUS two-factor authentication (2FA) failed.
GPC-12701	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app did not use the system proxy server to connect to the SAML identity provider.
GPC-12682	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Catalina, end users experienced issues when connecting to Zoom on the internal network.
GPC-12540	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the HIP Report was significantly delayed while checking information for the Windows Defender.
GPC-12527	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the Carbon Black Response application.
GPC-12386	Fixed an issue where after a GlobalProtect connection was established, the network interface was detected as public instead of domain due to timer issue with Network Location Awareness (NLA).
GPC-11489	Fixed an issue where the GlobalProtect HIP check did not detect Patch Management information for the Microsoft Intune management extension software.

GlobalProtect App 5.2.7 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.7 for iOS.

Issue ID	Description
GPC-12585	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish a connection when the root CA certificate was configured in the portal configuration and also installed on the device.

GlobalProtect App 5.2.6 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.6 for Windows, macOS, Android, and Linux. Most of these addressed issues were in GlobalProtect app 5.2.5-c84 for Windows and macOS, which was a hotfix release.

Issue ID	Description
GPC-12956	Fixed an issue where, when the GlobalProtect app was installed on Android devices, users had to always manually select a certificate even when the certificate was pre-selected from AirWatch.
GPC-12914	When the GlobalProtect app installed on Windows and macOS devices are connected to gateways on PAN-OS 8.0 or earlier releases, the HIP report generated by GlobalProtect will no longer be sent to the gateway. When using GlobalProtect app 5.2.6 with gateways enabled on PAN-OS 8.0 or earlier releases, you should disable Collect HIP Data. This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12899	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and when Save User Credentials was set to No, the username field was already populated with the username for the machine certificate when gateway authentication did not use certificate-based authentication. This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12875	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur, unusual DNS server entries were found after the system woke up.
GPC-12866	Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices, users experienced multiple transparent software upgrade issues on the device.
GPC-12859	Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices, the PanGPS.log file flushed out quickly.
GPC-12854	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur and split tunnel was configured to exclude application traffic such as Zoom, some excluded traffic were still forwarded through the tunnel.
GPC-12853	Fixed an issue where the GlobalProtect app did not perform network discovery and reconnect to the internal network when the primary IP address was changed.
GPC-12841	Fixed an issue where, when the GlobalProtect app was installed on the end user’s device and System Center Configuration Manager (SCCM) was used to set the PORTAL and CANCHANGEPORTAL values to no from the Windows Installer (Msiexec), the end user was unable to connect to the app when logging in for the first time.
GPC-12832	Fixed an issue where the GlobalProtect pre-logon tunnel was unnecessarily disconnected when switching from pre-logon mode to user-logon mode. This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12822	Fixed an issue where, the GlobalProtect HIP check did not detect the correct Disk Encryption for the Bitlocker Drive Encryption, which caused the device to fail the HIP check. This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12819	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check took longer than expected to collect the HIP information for the Sentinel Agent anti-malware software leading up to an inaccurate HIP report. This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12818	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Elastic Security Endgame Sensor 3.x Anti-Malware application, which caused the device to fail the HIP check.
GPC-12814	Fixed an issue where the GlobalProtect app displayed a script error instead of the GlobalProtect embedded browser Security Assertion Markup Language (SAML) login page when users tried to connect to the app through SAML authentication when Okta was used as the identity provider (ldP). This issue occurred after upgrading from GlobalProtect app 5.2.3 to GlobalProtect app 5.2.5.
GPC-12807	Fixed an issue where the GlobalProtect app was unable to establish a connection and the GlobalProtect service continuously restarted with an inactive message that was displayed on the GlobalProtect agent after a system reboot.
GPC-12797	Fixed an issue where, when the GlobalProtect app was installed on Android endpoints and users connect in user-logon mode, the VPN connection failed when users switched from an external network to an internal network.
GPC-12793	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and after the device was rebooted, the app attempted to connect but failed. As a result, users had to disconnect and then reconnect to the app.
GPC-12792	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Microsoft Defender ATP software, which caused the device to fail the HIP check.
GPC-12791	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the correct date and year for the Microsoft Defender ATP software, which caused the device to fail the HIP check.
GPC-12782	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was unable to translate the CA certificate that contained unicode characters for certificate authentication, and as a result, client certificate authentication failed.
GPC-12780	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.16 application, which caused the device to fail the HIP check.
GPC-12770	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the GlobalProtect HIP check did not detect the correct date and year for the Microsoft Defender ATP real-time protection, which caused the device to fail the HIP check.
GPC-12751	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the GlobalProtect HIP process (PanGpHip) crashed multiple times and the gateway was disconnected.
GPC-12748	Fixed an issue where the GlobalProtect authentication failed when the new password contained the (+) character.
GPC-12732	Fixed an issue where the GlobalProtect app displayed a script error instead of the GlobalProtect embedded browser Security Assertion Markup Language (SAML) login page when users tried to connect to the app through SAML authentication when Okta was used as the identity provider (ldP).
GPC-12731	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and Save User Credentials was enabled, users were prompted for credentials for every alternate gateway authentication when SAML was used as the portal authentication.
GPC-12728	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the Morphisec Protector software, which caused the device to fail the HIP check.
GPC-12720	Fixed an issue where, when the GlobalProtect app was installed on iOS devices and the portal was down or unreachable, the app displayed an error message when the app used the cached portal client configuration.
GPC-12716	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and after upgrading from GlobalProtect app 5.2.4 to GlobalProtect 5.2.5, the app attempted to reconnect when the connect method was set to On-Demand mode.
GPC-12714	Fixed an issue where, when the GlobalProtect app was installed on Windows, the app did not identify the firewall settings for Kaspersky Endpoint Security.
GPC-12689	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
GPC-12630	Fixed an issue where users established a GlobalProtect connection to Prisma Access but failed to connect to a manually selected Prisma Access gateway.
GPC-12607	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and Resolve All FQDNs Using DNS Servers Assigned by the Tunnel was set to Yes, DNS resolution failed in a dual stack environment.
GPC-12603	Fixed an issue where users established a GlobalProtect connection to Prisma Access but failed to connect to a manually selected Prisma Access gateway when upgrading to GlobalProtect app 5.2.5.
GPC-12601	Fixed an issue where information about the manual gateway was included in the portal message in the PanGPA.log file.
GPC-12596	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Real-Time Protection status for the ESET Endpoint Antivirus, which caused the device to fail the HIP check.
GPC-12570	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured based on the destination domain, IPv6 traffic was forwarded through the tunnel.
GPC-12569	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the pre-logon tunnel was not renamed after users logged in to the device through SAML authentication.
GPC-12568	Fixed an issue where the GlobalProtect app displayed the following notification when Connect with SSL Only was enabled by you or the end user: The network connection is unreliable and GlobalProtect reconnected using an alternate method. You may experience slowness when accessing the internet or business applications. With this fix, this notification will display only when GlobalProtect falls back to using SSL after attempting IPSec. If you specified the amount of time (in hours) during which you want the GlobalProtect app to Automatically Use SSL When IPSec Is Unreliable for example 5 hours, the app will not display this notification during the specified time period because it will not attempt to establish an IPSec tunnel and instead establish an SSL tunnel.
GPC-12567	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the pre-logon tunnel was not renamed after users logged in to the device through SAML authentication.
GPC-12565	Fixed an issue where the GlobalProtect app did not display the proper authentication message for the login screen when the RSA token was not synchronized. This issue occurred when GlobalProtect was used with seamless RSA authentication.
GPC-12562	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the DNS short name resolution was not queried with all the DNS suffixes present on the client machine.
GPC-12559	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app delayed establishing a connection to the gateway for 90 seconds because of the delay in setting up the IP address on the virtual adapter.
GPC-12558	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7, the GlobalProtect HIP check did not detect the Carbon Black Cloud application, which caused the device to fail the HIP check.
GPC-12543	Fixed an issue where GlobalProtect parsed the external gateways from the portal configuration and each gateway was resolved individually and thereby increased the time to finish DNS resolution for all the external gateways. With this fix, GlobalProtect will now resolve only the first external gateway at the beginning of network discovery, and then resolve all the external gateways (auto discovery) at the same time. This can help to reduce the time for DNS resolution.
GPC-12507	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the character size of the pre-login page was difficult to read on high-resolution. With this fix, users now have the option to Zoom In, Zoom Out, and Restore Default Zoom when they connect to the app through SAML authentication using Okta as the ldP.
GPC-12499	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect agent restarted when the system extensions were loaded.
GPC-12466	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running 10.14.6, the GlobalProtect HIP check did not detect the Anti-Malware information for the Carbon Black Endpoint Detection and Response application, which caused the device to fail the HIP check.
GPC-12465	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect correct the Last Full Scan Time information for the Symantec Endpoint Protection, which caused the device to fail the HIP check.
GPC-12447	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur and when the pre-logon tunnel was established to the internal gateway, the Enforcer status was enabled.
GPC-12442	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the app failed to connect to the portal or gateway after upgrading from GlobalProtect app 5.0.9 to GlobalProtect 5.2.4.
GPC-12440	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Disk Encryption information for the enumerated disks, which caused the device to fail the HIP check.
GPC-12385	Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.16 application, which caused the device to fail the HIP check.
GPC-12377	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app did not display the GlobalProtect system tray icon after the explorer.exe application was restarted from the Task Manager.
GPC-12356	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect tunnel was disconnected after the device woke up from Modern Standby mode.
GPC-12352	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Real-Time Protection status for the ESET Endpoint Antivirus, which caused the device to fail the HIP check.
GPC-12293	Fixed an issue where, the GlobalProtect HIP check did not detect the correct Last Full Scan Time information for SenitnelOne Antivirus 4.4.2, which caused the device to fail the HIP check.
GPC-12278	Fixed an issue where, when the GlobalProtect app was configured for split tunnel based on the destination domain, the fully qualified domain names were case-sensitive when the number of inclusions and exclusions added to the list was more than eight entries.
GPC-12265	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the user interface of the GlobalProtect agent was unresponsive when users were prompted to enter their one-time password (OTP).
GPC-12252	Fixed an issue where users were not prompted for their login credentials after using Remote Desktop Protocol (RDP) to connect to the GlobalProtect app and they were disconnected after the grace period expired.
GPC-12248	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the web interface did not display the normal window size when seamless soft-token authentication was used on a high display resolution (3840 X 2160) system. This issue occurred when the auth-api value was set to yes in the Windows registry. This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12235	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and after the GlobalProtect agent was installed as the SYSTEM user through SCCM or Microsoft Intune, the repair message pops-up for modern devices and failure or reconnection message pop-ups for normal devices.
GPC-12212	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude application traffic such as Microsoft Teams and Zoom, some excluded traffic was still forwarded through the tunnel.
GPC-12190	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect enforcer blocked SAML authentication after the endpoint woke up from sleep mode. This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-12041	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the correct Anti-Malware information for the Last Full Scan Time for Sophos Endpoint Protection, which caused the device to fail the HIP check.
GPC-11987	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and split tunnel was configured to exclude destination domain traffic that included a wildcard character (*) for domain names, excluded traffic is still forwarded through the tunnel.
GPC-11964	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the No direct access to local network option was enabled on the gateway, the default route was deleted for the interface to the local gateway when the IPv6 address was changed that caused GlobalProtect to disconnect.
GPC-11916	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed the The connection has failed error message when changing from WiFi to a LTE network.
GPC-11568	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, traffic was blocked for 25-45 seconds for some users while generating the HIP report.
GPC-11484	Fixed an issue where, when the GlobalProtect app was installed on Windows, macOS, and Linux devices, the HIP process collected information about all supported endpoint security software even when HIP Data Collection was configured on the portal to exclude categories, vendors, and products. This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-11450	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 and Big Sur, client certificate authentication failed when using a common access card (CAC).
GPC-11367	Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Cybereason. This addressed issue was not included in GlobalProtect 5.2.5-c84.
GPC-11311	Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the output [1]+ Done $PANGPA start was displayed when users executed commands such as ls /etc/hostname or echo hi in the command prompt.
GPC-11281	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the app automatically switched to the graphics processor on the user’s device during SAML authentication.
GPC-10650	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the transparent software upgrade failed for the GlobalProtect app.

GlobalProtect App 5.2.6 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.6 for iOS.

Issue ID	Description
GPC-11916	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed The connection has failed error message when changing from WiFi to a LTE network.

GlobalProtect App 5.2.5 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.5 for Android, Chrome, Windows, macOS, and Linux.

Issue ID	Description
GPC-12353	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running Big Sur, the app was unable to establish a connection when the Netskope Client was installed on the system.
GPC-12266	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was disconnected from the tunnel and performed a network discovery after waking up from Modern Standby mode.
GPC-12264	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app failed to establish a connection when the SIP softphone client was installed on the system.
GPC-12243	Fixed an issue where, when the gateway was manually selected for the first time instead of the Best Available gateway, any subsequent connections to the Best Available gateway allowed end users to connect to the manually selected gateway rather than the Best Available gateway.
GPC-12203	Fixed an issue where the About GlobalProtect dialog did not display the copyright symbol when the system language was German.
GPC-12202	Fixed an issue where the Custom Password Expiration Message (LDAP Authentication Only) notification displayed grammatical errors when the system language was German.
GPC-12185	Fixed an issue where the GlobalProtect app detected two or more internal gateways and all the gateways required users to authenticate through SAML authentication, the app stopped all operations following SAML authentication with the first gateway.
GPC-12174	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS 10.15 or 11.0, the GlobalProtect HIP check did not detect the CrowdStrike Falcon application, which caused the device to fail the HIP check.
GPC-12173	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.11 application, which caused the device to fail the HIP check.
GPC-12154	Fixed an issue where the ADUC application and computer console experienced slowness after upgrading from GlobalProtect app 5.1.3 to 5.2.3.
GPC-12131	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the CrowdStrike 6.12 application, which caused the device to fail the HIP check.
GPC-12105	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and split tunnel was configured based on the application, some traffic did not follow the split tunnel configuration on applications such as Microsoft Teams.
GPC-12104	Fixed an issue where the GlobalProtect client on the end user’s endpoint did not connect to the Best Available gateway after the endpoint woke up from sleep mode. This issue occurred when SAML authentication was used and in the auto-scaled gateway scenario. With this fix, the GlobalProtect client can also connect to the Best Available gateway in the auto-scaled gateway scenario.
GPC-12097	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the clear text password was visible through a memory dump when using the system browser for SAML authentication.
GPC-12066	Fixed an issue where, when split tunnel was configured based on the destination domain and Both Network Traffic and DNS was selected, users experienced a delay when accessing the exclusions applied to the DNS traffic and the associated network application traffic for that domain.
GPC-12059	Fixed an issue where the default route for the tunnel was removed shortly after establishing the tunnel.
GPC-12050	Fixed an issue where the GlobalProtect HIP check did not correctly detect the Last Full Scan Time information for the Windows Defender on Windows endpoints, which caused the endpoints to fail the HIP check.
GPC-12044	Fixed an issue where, after the GlobalProtect app was upgraded to release 5.1.6, the GlobalProtect virtual adapter was unable to be setup properly when using laptop docking stations.
GPC-12043	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and used a smart card for client certificate authentication, the number of prompts used between the portals were different.
GPC-12031	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the whether the Firewall software was enabled, which caused the endpoints to fail the HIP check.
GPC-12015	Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Sophos Endpoint Protection.
GPC-12004	Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Cisco Advanced Malware Protection (AMP).
GPC-11995	Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Sophos Endpoint Protection version 10.0.0.
GPC-11938	Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the app was unable to automatically launch due to the Cannot connect to local GPD service error message.
GPC-11932	Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software application.
GPC-11931	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect virtual interface adapter continued to stay enabled when connected to an internal network. Subsequently, the app failed to establish a tunnel connection with an external gateway on the external network due to the Failed to get default route entry error message, which caused the virtual adapter activation to fail.
GPC-11911	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the Custom Password Expiration Message (LDAP Authentication Only) notification is blank after you changed the message setting.
GPC-11876	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the command string for pre-vpn-connect or post-vpn-connect contained arguments with one or more whitespace characters, which caused the built-in GlobalProtect app upgrade to fail.
GPC-11875	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7, the GlobalProtect HIP check did not detect the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software application version 4.9.2, which caused the device to fail the HIP check.
GPC-11712	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Patch-Management software for the JAMF Pro software application, which caused the device to fail the HIP check.
GPC-11686	Fixed an issue where the HIP report did not contain the correct Last Full Scan Time information for the AVG Internet Security software.
GPC-11648	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect the Patch-Management software for the JAMF Pro software application, which caused the device to fail the HIP check.
GPC-11606	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Avast Antivirus software version 20.x. After upgrading from Antivirus software version 18.x, the GlobalProtect HIP check did detect the Avast Antivirus software version 20.x.
GPC-11460	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect HIP check did not detect the Anti-Malware information for the Last Full Scan Time for the McAfee Total Protection Antivirus software.
GPC-11440	Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GlobalProtect agent stopped running after the device initially connected to the portal or gateway.
GPC-11367	Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Definition Version for Cybereason.

GlobalProtect App 5.2.5 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.5 for iOS.

Issue ID	Description
GPC-11888	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish the connection on a 4G LTE network when the gateway was resolved to IPv6 only.
GPC-11684	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, VPN tunnel restoration was not supported when the portal was configured in Always On mode.
GPC-11633	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app displayed No available network even when the network was available.

GlobalProtect App 5.2.4 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.4 for Windows, macOS, Android, and Linux.

Issue ID	Description
GPC-12069	Fixed an issue where, when the GlobalProtect app was installed on Chromebooks, the selection criteria for the portal agent configuration failed when the OS configured in the Config Selection Criteria was specified as Chrome.
GPC-11989	Fixed an issue where SAML authentication was blocked because the GlobalProtect enforcer did not parse all the fully qualified domain names configured in the FQDN exclusions list.
GPC-11894	Fixed an issue where, when the GlobalProtect app was installed on Windows devices with the Resolve All FQDNs Using DNS Servers Assigned by the Tunnel (Windows Only) set to Yes and after the portal configuration refresh interval timer was reached, the DNS queries were sent to both interfaces.
GPC-11865	Fixed an issue where the GlobalProtect Update pop-up dialog displayed grammatical errors.
GPC-11868	Fixed a rare issue where the PanGPS log file was not rotated and it caused the PanGPS.log file to consume a large amount of disk space.
GPC-11819	Fixed an issue where the GlobalProtect app could not properly exclude multicast routes specified in the exclude list.
GPC-11805	Fixed an intermittent issue where, when split tunnel was configured based on the destination domain and application, users were not allowed access to specific fully qualified domain names after changing the network.
GPC-11804	Fixed an issue where, when the GlobalProtect app was installed on Windows and macOS devices with the Split-Tunnel Option enabled for both network traffic and DNS, the DNS queries were sent to both interfaces.
GPC-11797	Fixed an issue where, when the GlobalProtect app was installed on macOS Big Sur devices and split tunnel was configured based on the application, the app was unable to connect to applications such as Zoom.
GPC-11792	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.7 or later, the app did not accept character input when using the on-screen Accessibility Keyboard required for remote learning.
GPC-11784	Fixed an issue where the GlobalProtect app was configured with Pre-logon then On-demand mode and if the network was changed or the network connection was lost during pre-logon tunnel mode, the pre-logon tunnel was not able to reconnect to the app after the machine was connected to the network.
GPC-11781	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app was disconnected from the tunnel after the Pre-logon Tunnel Rename Timeout expired even when users successfully authenticated to the gateway through either SAML authentication or RADIUS for two-factor authentication.
GPC-11777	Fixed an issue where the GlobalProtect app will not perform network discovery due to a network change event when the app was connected to the internal gateway without a tunnel connection.
GPC-11749	Fixed an issue where, when the GlobalProtect app was installed on Linux devices, DNS resolution failed when the app was connected on Ubuntu 20.04.
GPC-11726	Fixed an issue where the GlobalProtect client continued to stay in connecting state even when SAML authentication was configured to establish a connection to the portal or gateway.
GPC-11723	Fixed an issue where, after you installed the GlobalProtect app on macOS devices using the client upgrade prompt, a kernel panic occurred on the macOS device.
GPC-11707	Fixed an issue where the GlobalProtect app continued to stay in connecting state after failing to meet the Config Selection Criteria configured on the portal following a successful SAML authentication.
GPC-11638	Fixed an issue where, when the GlobalProtect app was installed on Windows 10 devices and network connectivity was enabled in Modern Standby, the tunnel failed to be restored after waking up from sleep mode.
GPC-11587	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and Duo Security multi-factor authentication (MFA) was used to authenticate users through SAML authentication on the identity provider (ldP), the app did open an embedded browser using Connect Before Logon but the content incorrectly displayed.
GPC-10200	Fixed an issue where, when the GlobalProtect app was installed on Android devices, the app failed to reconnect and continued to stay in connecting state. Users had to close and launch the app to establish the connection.

GlobalProtect App 5.2.4 Addressed Issues (iOS only)

The following table lists the issues that are addressed in GlobalProtect app 5.2.4 for iOS.

Issue ID	Description
GPC-11669	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app continued to stay in connecting state after changing the network type and failed to automatically reconnect.

GlobalProtect App 5.2.3 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.3 for Windows, macOS, Linux, and Android.

Issue ID	Description
GPC-11706	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect tunnel could not send traffic after the system woke up from sleep mode.
GPC-11694	Fixed an issue where the GlobalProtect tunnel was disconnected when the server sent packets greater than 1524.
GPC-11683	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect virtual interface was locally unreachable.
GPC-11660	Fixed an issue on the GlobalProtect agent when the response from the gateway pre-login included the error status and an empty message, but the GlobalProtect client was not expected to receive the response from the pre-login with the error status and an empty message. With this fix, the GlobalProtect client is configured to handle the error status and the empty message response from the gateway pre-login when the minimum version is set to TLSv1.2 in the SSL/TLS service profile.
GPC-11659	Fixed an issue where, when the GlobalProtect app was installed on Android devices, the gateway was randomly disconnected and users cannot reconnect until they force stop or force start the app.
GPC-11656	Fixed an issue where, after you upgraded the GlobalProtect app to release 5.2.1 or release 5.2.2 on macOS devices using the client upgrade prompt, a kernel panic occurred on the macOS device.
GPC-11644	Fixed an issue where the HIP report did not contain the correct Last Full Scan Time information for the AVG Internet Security software.
GPC-11643	Fixed an issue where, when the GlobalProtect app was installed on Android devices and when the Allow Authentication with User Credentials OR Client Certificate option was set to Yes on the portal, users were not able to authenticate to the portal with a valid client certificate. With this fix, users are now able to authenticate to the portal with a valid client certificate when the Allow Authentication with User Credentials OR Client Certificate option is set to Yes on the portal.
GPC-11637	Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GUI version of GlobalProtect sometimes was unresponsive (for example, when the GNOME Shell was replaced).
GPC-11616	Fixed an issue where, when the GlobalProtect app was installed on macOS devices, the GlobalProtect HIP check did not detect Anti-Malware information for Sophos Endpoint Protection version 10.0.0.
GPC-11612	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the speed limit of the GlobalProtect adapter was set to a maximum of 100Mbps, With this fix, the speed limit of the GlobalProtect adapter is now set to a maximum of 2Gbps.
GPC-11603	Fixed an issue where, when the GlobalProtect Android app was installed on Chromebooks, the app identified the operating system as Android instead of Chrome.
GPC-11601	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the app was unable to establish the tunnel when the connection was on the mobile network.
GPC-11594	Fixed an issue where, when the GlobalProtect app was installed on Linux devices, the GUI version of GlobalProtect hangs when multiple terminals were launched (in a multi-user target) or when one terminal had to be launched for the GUI version to launch.
GPC-11569	Fixed an issue on Windows endpoints where, if the GlobalProtect app is configured with the Pre-logon (Always On) Connect Method with the Pre-logon Tunnel Rename Timeout value set to -1 (or any other value) and users disable the app and reboot their endpoint, the pre-logon tunnel is up after they login. After the system reboots, the app is disabled but the virtual interface is enabled. With this fix, the app and the virtual interface are disabled after a system reboot.
GPC-11538	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina, the GlobalProtect service restarted after a system reboot or when users logged out and logged in to the endpoint.
GPC-11530	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and the No direct access to local network option was enabled, users with administrator privileges were able to modify the routing table to bypass the VPN tunnel.
GPC-11529	Fixed an issue where Connect Before Logon using Security Assertion Markup Language (SAML) authentication was used to log in to the Windows 10 endpoint, users were able to launch the command prompt from the authentication web browser.
GPC-11527	Fixed an issue where, when the GlobalProtect app was installed on Windows endpoints and split tunnel was configured based on the application, handle leaks were observed by the GlobalProtect service.
GPC-11525	Fixed an issue where the GlobalProtect app failed to connect to the portal or gateway in the Prisma Access network through the proxy.
GPC-11524	Fixed an issue where, when the GlobalProtect app was deployed on managed Android devices through a mobile device management (MDM) system such as Microsoft Intune, the app hangs in Connecting state and the tunnel failed to be restored when users moved to a poor cell reception.
GPC-11489	Fixed an issue where the GlobalProtect HIP check did not detect Patch Management information for the Microsoft Intune management extension software.
GPC-11478	Fixed an issue where, when the GlobalProtect app was installed on macOS devices and the No direct access to local network option was enabled on the gateway, the access route to the default gateway was not properly masked.
GPC-11466	Fixed an issue on Windows 10 endpoints where the Active Directory Users and Computers (ADUC) application experienced high latency when users established a GlobalProtect connection.
GPC-11461	Fixed an issue where, after you upgraded and installed the GlobalProtect app, the app was unable to connect to the gateway due to the Failed to get default route entry error message.
GPC-11448	Fixed an issue where the GlobalProtect app was unable to establish a connection to the gateway because the fully qualified domain name (FQDN) specified for the gateway mapped to a different IP address during network discovery and pre-login. With this fix, the app performed a network discovery again and connected to the Best Available gateway.
GPC-11402	Fixed an issue where, when the GlobalProtect app was installed on Windows endpoints, the app was disconnected from the VPN tunnel after the pre-logon tunnel grace period expired even when users logged in to the endpoint and the pre-logon tunnel was successfully renamed. This issue occurred when two-factor authentication (2FA) was used.
GPC-11393	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the app performed a second network discovery after gateway authentication was successful. This issue resulted in two authentication prompts (for example, the SAML authentication type) right after waking up from sleep mode.
GPC-11395	Fixed an issue where, when the GlobalProtect app was installed on macOS devices running macOS Catalina 10.15.4, the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
GPC-11370	Fixed an issue where the GlobalProtect app selected the geographically distant gateway instead of the gateway with the faster response time. With this fix, the Best Available gateway is now determined by the assigned weight of the gateway.
GPC-11349	Fixed an issue where the GlobalProtect HIP check incorrectly detected the Anti-Malware information for the Engine Version, Definition Version, and Date for the CrowdStrike Falcon application.
GPC-11346	Fixed an issue where portal authentication failed due to the authentication failure during the GlobalProtect App Config Refresh configuration, which caused users to be locked out of the RSA device.
GPC-11218	Fixed an issue where the GlobalProtect HIP check did not detect Symantec Endpoint Protection 14.3 real-time protection, which caused the device to fail the HIP check.
GPC-11173	Fixed an issue where the GlobalProtect app was configured with On-Demand mode and continued to stay in connecting state even when manually switching to a different gateway failed. With this fix, the app will now display an error message when switching to a different gateway failed.
GPC-11084	Fixed an issue where, when the GlobalProtect app was connected on Linux endpoints, the DNS content was removed from the resolv.conf file found in the /etc folder because the network was interrupted.
GPC-10954	Fixed an issue in GlobalProtect for macOS endpoints where installing or upgrading the package using a MDM system such as JAMF Pro resulted in a GlobalProtect app initialization failure.
GPC-10934	Fixed an issue where the original DNS suffixes were removed from the client machine and only the DNS suffixes from the gateway were applied.
GPC-10831	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect service modified the DNS suffix system list even when the gateway pushed an empty DNS suffix list.
GPC-10200	Fixed an issue where, when the GlobalProtect app was installed on Android devices, the app failed to reconnect and continued to stay in connecting state. Users had to close and launch the app to establish the connection.

GlobalProtect App 5.2.2 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.2 for Windows, macOS, and iOS.

Issue ID	Description
GPC-11531	Fixed an issue where, when the GlobalProtect app was installed on iOS devices, the GlobalProtect service was started multiple times when users initiated the VPN connection from the iOS VPN settings.
GPC-11479	Fixed an issue where the GlobalProtect app took more than 2 minutes to establish a connection when users installed the app for the fist time on macOS endpoints running macOS Catalina 10.15.4 or later. This issue occurred when the administrator did not select the GlobalProtect System Extensions check box during the installation.

GlobalProtect App 5.2.1 Addressed Issues

The following table lists the issues that are addressed in GlobalProtect app 5.2.1 for Windows, macOS, Linux, Android, and iOS.

Issue ID	Description
GPC-10476	Fixed an issue where in high bandwidth environments, the download speed through the GlobalProtect connection was slower than the upload speed.
GPC-11464	Fixed an issue where, when the GlobalProtect app was deployed for Android on managed Chromebooks using the Google Admin console, the app disconnected and reconnected because the same managed configuration file was pushed from the Google Admin Console multiple times.
GPC-11417	Fixed an issue for Android on Chromebooks where, if the GlobalProtect app was configured with the Always On connect method, the app did not automatically connect to the portal after users rebooted the system.
GPC-11348	Fixed an issue where, when the GlobalProtect app was installed on Windows devices, the GlobalProtect client failed to rename the pre-logon tunnel to the user tunnel when SAML was used to authenticate users.
GPC-11347	Fixed an issue where, when the GlobalProtect app was installed on Windows devices and a connection was established, high CPU usage (around 30 percent) was detected for the system process.
GPC-10881	Fixed an issue, when the GlobalProtect app was installed on iOS devices with Always On mode as part of the VPN profile, the app frequently reported authentication errors. This issue occurred when the portal cache configuration was not saved successfully.
GPC-9982	Fixed an issue, when the GlobalProtect app was installed on macOS endpoints running macOS Catalina 10.15 or later and HIP checks were enabled, the macOS endpoint displayed additional pop-ups to the user when GlobalProtect requested to access your Desktop, Documents, and Downloads folders.

GlobalProtect App 5.2 Known Issues

Getting Help