GlobalProtect
Addressed Issues in GlobalProtect App 5.2
Table of Contents
Addressed Issues in GlobalProtect App 5.2
See the list of addressed issues in GlobalProtect app
5.2 for Android, iOS, Chrome, Windows, Windows 10 UWP, and macOS.
The following topic describes the issues addressed in
GlobalProtect app 5.2 for Android, iOS, Chrome, Windows, Windows
10 UWP, macOS, and Linux.
- GlobalProtect App 5.2.13-c418 Addressed Issues
- GlobalProtect App 5.2.13 Addressed Issues
- GlobalProtect App 5.2.12 Addressed Issues
- GlobalProtect App 5.2.12 Addressed Issues (iOS only)
- GlobalProtect App 5.2.11 Addressed Issues
- GlobalProtect App 5.2.10 Addressed Issues
- GlobalProtect App 5.2.9 Addressed Issues
- GlobalProtect App 5.2.8 Addressed Issues
- GlobalProtect App 5.2.8 Addressed Issues (iOS only)
- GlobalProtect App 5.2.7 Addressed Issues
- GlobalProtect App 5.2.7 Addressed Issues (iOS only)
- GlobalProtect App 5.2.6 Addressed Issues
- GlobalProtect App 5.2.6 Addressed Issues (iOS only)
- GlobalProtect App 5.2.5 Addressed Issues
- GlobalProtect App 5.2.5 Addressed Issues (iOS only)
- GlobalProtect App 5.2.4 Addressed Issues
- GlobalProtect App 5.2.4 Addressed Issues (iOS only)
- GlobalProtect App 5.2.3 Addressed Issues
- GlobalProtect App 5.2.2 Addressed Issues
- GlobalProtect App 5.2.1 Addressed Issues
GlobalProtect App 5.2.13-c418 Addressed Issues
This release contains security-related fixes.
GlobalProtect App 5.2.13 Addressed Issues
The following table lists the issues that are addressed in GlobalProtect app 5.2.13
for macOS and Windows.
Issue ID
|
Description
|
---|---|
GPC-16878 |
Fixed an issue where the GlobalProtect HIP check incorrectly
detected Definition Version for Cortex XDR, which caused the
device to fail the HIP check.
|
GPC-16713 |
Fixed an issue where Connect Before Logon
would unexpectedly fall back to username and
password authentication after a failed SAML authentication
attempt to the gateway.
|
GPC-16601 |
Fixed an issue where connect before logon would get stuck at
Connecting if on an internal
network with internal gateways.
|
GPC-16495 |
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS, the GlobalProtect cookie stopped working
when CIS Benchmark 5.1.1 (Center for Internet Security) was
applied for mac OS 12 Monterey to safeguard internet
services.
|
GPC-16449 |
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS with split tunnel based on domain, the
split tunnel did not work as expected after the system woke up
from sleep mode.
|
GPC-16346 |
Fixed an issue where, when the GlobalProtect app was installed on
Windows devices, the GlobalProtect HIP check took longer than
expected to collect the HIP information and also displayed HIP
pop-up error messages for antivirus software, which caused the
device to fail the HIP check.
|
GPC-16289 |
Fixed an issue where, when the GlobalProtect app was configured
with split tunnel to exclude traffic, users could not access the
excluded Airtel 4G PPP dongle application since the Airtel PPP
default traffic route was removed.
|
GPC-16144 |
Fixed an issue where the GlobalProtect app failed to detect Cisco
Secure Endpoint anti-malware software installed on the
device.
|
GPC-16135 |
Fixed an issue where the GlobalProtect app connection failed when
Windows 10 21H2 users tried to switch to another Windows user
account on the device.
|
GPC-16119 |
Fixed an issue where the GlobalProtect app was installed on
devices running macOS, the GlobalProtect HIP check failed to
detect the Real time protection status for Symantec Endpoint
Protection.
|
GPC-16056 |
Fixed an issue where GlobalProtect HIP check did not detect the
name of the Trellix Agent correctly which caused the device to
fail the HIP check.
|
GPC-16055 |
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS, the app did not display 'Authentication
Failed' when the user entered an incorrect RSA SecureID.
|
GPC-16029 |
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS, users were prompted for certificate
selection even when the Extended Key Usage OID for
Client Certificatewas configured in the App
Configurations area of the GlobalProtect portal
configuration.
|
GPC-15972 |
Fixed an issue where the GlobalProtect HIP check did not detect
the Real-Time Protection status correctly for the CrowdStrike
Falcon application, which caused the device to fail the HIP
check.
|
GPC-15933 |
Fixed an issue where, when the GlobalProtect app was installed
and connected on devices, the HIP check process was delayed and
the tunnel was disconnected after 2 hours.
|
GPC-15923 |
Fixed an issue where the GlobalProtect app did not detect
real-time protection status for Sophos Endpoint Protection,
which caused the device to fail the HIP check.
|
GPC-15812 |
Fixed an issue where the split tunnel feature did not work as
expected on devices running macOS Monterey 12.X and Chrome
Browser 104.0.5112.79
|
GPC-15699 |
Fixed an issue where the GlobalProtect HIP check did not detect
the McAfee antivirus software, causing the device to fail the
HIP check.
|
GPC-15686 |
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS, and when the user executed the command to
disable the app, a new line break was added after the timestamp
value in the command which caused parsing issues and created
incorrect GlobalProtect log messages.
|
GPC-15663 |
Fixed an issue where when the GlobalProtect app was deployed for
pre-logon and when users tried to change their Windows password,
users were prompted to enter only a new password. The app did
not prompt users to enter their old password while changing the
password.
|
GPC-15658 |
Fixed an issue where the GlobalProtect app was connected to a
different gateway and not the preferred gateway when the device
woke up from sleep mode. The users had to select the preferred
gateway manually to connect to the GlobalProtect app.
|
GPC-15636 |
Fixed an issue where the GlobalProtect HIP check failed to detect
the Real time protection status for Sophos Endpoint
Protection.
|
GPC-15631 |
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS and the app did not start right away after
a system reboot.
|
GPC-15592 |
Fixed an issue where the GlobalProtect HIP check failed to detect
the Definition Version for Sophos Endpoint Protection, which
caused the device to fail the HIP check.
|
GPC-15553 |
Fixed an issue where the GlobalProtect app got disconnected after
3 hours.
|
GPC-15548 |
Fixed an issue where users were unable to connect to the
GlobalProtect app when users restarted the device from the
hibernation mode.
|
GPC-15537 |
Fixed an issue where the GlobalProtect HIP check did not detect
the correct Anti-Malware information for the Last Full Scan Time
for Sophos Endpoint Protection, which caused the device to fail
the HIP check.
|
GPC-15485 |
Fixed an issue where the GlobalProtect HIP check did not detect
the Real-Time Protection status for the FireEye Endpoint Agent,
which caused the device to fail the HIP check.
|
GPC-15439 |
Fixed an issue where the GlobalProtect app was installed on iOS
devices and the GlobalProtect app failed to collect HIP data and
the Host Information tab on the device failed to display
information.
For the app to display the HIP information, user must update or
remove expired certificates from the system.
|
GPC-15424 |
Fixed an issue where, when the GlobalProtect app was installed on
Windows devices and when the user tried to start the
GlobalProtect app using Windows Start menu, the Windows
Installer (Msiexec) did not work as expected due to which the
app was getting reinstalled on the device.
|
GPC-15338 |
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS and when the GlobalProtect gateway was
configured to exclude routes, the excluded routes were removed
from the original routing table when users disconnected the
app.
|
GPC-15315 |
Fixed an issue where the GlobalProtect HIP check detected
incorrect Anti-Malware information for Definition Date for
Sophos Endpoint Protection.
|
GPC-15260 |
Fixed an issue where, when the GlobalProtect app was installed on
devices running macOS and GlobalProtect enforcer was configured
with allowed FQDNs, users were still able to access the internet
and other public domains.
|
GPC-15255 |
Fixed an issue where the GlobalProtect HIP check detected the
device as Windows firewall enabled even though the firewall was
disabled on the device.
|
GPC-15219 |
Fixed an issue where, when the GlobalProtect app was installed on
Windows devices and split tunnel was configured to exclude
application traffic for Zoom, excluded Zoom traffic was still
forwarded through the tunnel.
|
GPC-15205 |
Fixed an issue where the HIP check process stopped running and
the tunnel was disconnected after 3 hours.
|
GPC-15200 |
Fixed an issue where the GlobalProtect app did not save the
username after Kerberos SSO authentication following which the
app could not use the GlobalProtect cached portal configuration.
Users had to manually add the username to the Windows
registry.
|
GPC-15149 |
Fixed an issue where the GlobalProtect app got disconnected due
to an incorrect HIP check after the system woke up from sleep
mode or when the system was restarted.
|
GPC-15144 |
Fixed an issue where, when the GlobalProtect app was installed on
Windows 11, version 22 H2 devices, the HIP information for patch
management was not collected and the Patch Management section of
the Host Profile tab failed to display the HIP details.
|
GPC-15072 |
Fixed an issue where the GlobalProtect HIP check did not detect
the Anti-Malware information for Sophos Endpoint Protection and
Microsoft Monitoring Agent, which caused the device to fail the
HIP check.
|
GPC-15056 |
Fixed an issue where the users were not prompted for Multi-Factor
Authentication (MFA) even after entering their credentials using
IdP (Identity Providers).
|
GPC-14973 |
Fixed an issue where the GlobalProtect app stopped working
abruptly.
|
GPC-14770 |
Fixed an issue where the HIP check process stopped running and
the tunnel was disconnected after 3 hours.
|
GPC-14725 |
Fixed an intermittent issue where the users were unable to
connect to the GlobalProtect app, when the app used cached
portal configuration.
|
GPC-14672 |
Fixed an issue where, when the GlobalProtect app was installed on
macOS devices and No direct access to local network option was
enabled with access routes excluded from the GlobalProtect VPN
tunnel, the excluded traffic was not sent through the physical
adapter on the endpoint. Following this, users were unable to
access the local physical network devices such as printers.
|
GPC-14609 |
Fixed an issue where the HIP check did not detect the Sentinel
One RTP and definition date properly, which caused the HIP check
to fail.
|
GPC-14439 |
Fixed an issue where, when split tunnel was configured on the
GlobalProtect app to exclude destination domain traffic that
included a slash character (/) for sub-page domain names, the
slash character (/) was not displayed in the sub-page domain
names in the exception list.
|
GPC-13752 |
Fixed an issue where, when the GlobalProtect app was installed on
Windows devices, the SAML login page to authenticate Network
Discovery was not properly displayed.
|
GlobalProtect App 5.2.12 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.12 for macOS and Windows.
Issue ID | Description |
---|---|
GPC-15193 | Fixed an issue where the GlobalProtect app
failed to connect when the embedded browser was closed after Okta authentication. |
GPC-15179 | Fixed an issue where, when the No
Direct Access to local network option was enabled on GlobalProtect
gateway, the GlobalProtect users’ loopback interface network was
masked causing connection failure. |
GPC-15169 | Fixed an issue where, when the Allow GlobalProtect
UI to Persist for User Input was enabled and the machine
was restarted, the GlobalProtect app did not show up on the screen.
The browser directly opened the SAML login page and the app worked
only in the background after successful authentication. |
GPC-15155 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and the language was set to Japanese,
the password field for disabling the app was not properly displayed. |
GPC-15073 | A fix was made to address an OpenSSL infinite
loop vulnerability in GlobalProtect app software (CVE-2022-0778). |
GPC-15062 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the connection became unstable when
the user clicked the Click here or Retry button
on the default browser page for SAML authentication. |
GPC-15050 | Fixed an issue where the GlobalProtect HIP
check did not detect the Last Scan Date for Cortex XDR, which caused
the device to fail the HIP check. |
GPC-15030 | Fixed an issue where the GlobalProtect app
prompted users to re-enter the gateway login credentials even though
the save-user credentials was configured. |
GPC-15029 | Fixed an issue where the GlobalProtect app
displayed the incorrect copyright year on the app. |
GPC-15017 | Fixed an issue where GlobalProtect users
were unable to connect using Connect Before Logon because
the app got stuck during the SAML authentication stage. |
GPC-14959 | Fixed an issue where, when the GlobalProtect
app was installed on Linux devices, the GlobalProtect logs displayed password
information when the password contained the (<) character.The
password characters succeeding the (<) character were displayed
in the logs. |
GPC-14943 | Fixed an issue where the GlobalProtect app
connection failed after the app was upgraded to Windows 10 21H2. |
GPC-14867 | Fixed an issue where the GlobalProtect app
could not connect to the Prisma Access gateway when a FQDN was used instead
of an IP address in the Proxy Auto-Configuration (PAC) file. |
GPC-14763 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the device displayed a blue
screen when users tried to connect to the GlobalProtect app. |
GPC-14732 | Fixed an issue where the GlobalProtect app
got disconnected after HIP check. |
GPC-14609 | Fixed an issue where the HIP check did not
detect the Sentinel One RTP and definition date properly, which
caused the HIP check to fail. |
GPC-14578 | Fixed an issue where, after connecting to
GlobalProtect using Connect Before Logon (CBL) with
SAML authentication, the GlobalProtect app kept opening and closing after
the user logged in. |
GPC-14572 | Fixed an issue where GlobalProtect app users
were prompted to re-enter the password when the connection was refreshed.This
issue occurred only when the password contained non-English characters. |
GPC-14278 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP report displayed
encryption status even when the encryption feature was disabled. |
GPC-14148 | Fixed an issue where the Azure IDP page
was not displayed properly when Connect Before Logon was used. |
GPC-13939 | Fixed an issue where multiple spelling and
translation errors were observed in the GlobalProtect app for French localization. |
GPC-13725 | Fixed an issue where, during a transparent
upgrade of the GlobalProtect app, if the system rebooted or woke
up from hibernation, the upgrade failed due to competing resources between
the system reboot and transparent upgrade. The previous version
of the GlobalProtect app was completely uninstalled. |
GlobalProtect App 5.2.12 Addressed Issues (iOS only)
There were no addressed issues in GlobalProtect app
5.2.12 for iOS.
GlobalProtect App 5.2.11 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.11 for macOS, Windows, and Android
Issue ID | Description |
---|---|
GPC-14892 | Fixed an issue where the users were unable
to connect applications such as TESSY to a local database when GlobalProtect was
connected. |
GPC-14824 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect app tried
to restore the gateway connection even when the device was on Modern Standby
mode. The users were prompted to authenticate using multi-factor
authentication (MFA) authentication. |
GPC-14792 | Fixed an issue where, when Connect Before
Logon using Security Assertion Markup Language (SAML) authentication
was used to login to the endpoint, the users could not authenticate
as the authentication process stopped when redirected to the organization’s
sign-in page. |
GPC-14716 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and the Autonomous Digital Experience
Management (ADEM) was not enabled in the app, the agent took more
time than expected to establish a connection. |
GPC-14691 | Fixed an issue where the GlobalProtect IPV6
static route for the gateway was getting removed shortly after establishing
the connection causing unexpected GlobalProtect disconnections. |
GPC-14686 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect credentials
that were saved earlier were lost when the user faced network connectivity
issues and the users had to re-enter the credentials. |
GPC-14672 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and No direct access
to local network option was enabled with access routes excluded
from the GlobalProtect VPN tunnel, the excluded traffic was not
sent through the physical adapter on the endpoint. Following this,
the users were unable to access the local physical network devices
such as printers. |
GPC-14671 | Fixed an issue where the GlobalProtect agent
(PanGPA) stopped running when Client Certificate authentication
along with SAML authentication method was used to authenticate users.
This issue resulted in GlobalProtect connection failures. |
GPC-14659 | Fixed an issue where, when the user entered
their credentials in the Connect Before Logon SAML authentication page,
a blank screen was displayed instead of prompting the users to authenticate
using a Two-Factor Authentication (2FA) authentication method as
expected. |
GPC-14651 | Fixed an issue where the GlobalProtect HIP
check did not detect patch management properly, which caused the
device to fail the HIP check. |
GPC-14650 | Fixed an issue where, when pre-logon was
configured for the GlobalProtect app, the users were still prompted
to authenticate using multi-factor authentication (MFA) during the GlobalProtect
gateway pre-logon stage. |
GPC-14649 | Fixed an issue where, when the GlobalProtect
app was installed on devices running on macOS High Sierra and split
tunnel was configured to exclude application traffic such as Microsoft Teams
and Zoom, some excluded traffic was still being forwarded through
the tunnel. |
GPC-14640 | Fixed an issue where, when the GlobalProtect
app was deployed for pre-logon, the GlobalProtect Enforcer remained enabled
even after the app was disabled. |
GPC-14616 | Fixed an issue where the GlobalProtect HIP
check did not detect HCL BigFix version 10.0.3, which caused the
device to fail the HIP check. |
GPC-14611 | Fixed an issue where the GlobalProtect HIP
check did not detect the Anti-Malware information for Windows Defender
and McAfee Anti-Malware Detection, which caused the device to fail
the HIP check. |
GPC-14610 | Fixed an issue where the GlobalProtect HIP
check did not detect HCL BigFix version 10.0.3, which caused the
device to fail the HIP check. |
GPC-14600 | Fixed an issue where the GlobalProtect app
did not detect real-time protection and the correct definition date
and definition version for Microsoft Defender Advanced Threat Protection
(ATP), which caused the device to fail the HIP check. |
GPC-14583 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the app failed to reconnect
and continued to stay in the connecting state even after restarting
the device. |
GPC-14577 | Fixed an issue where, when the GlobalProtect
app was configured to use the end user’s default system browser
for SAML authentication, the app displayed the following warning
message while enrolling with PingID. Assignment
to read-only properties is not allowed in strict mode. |
GPC-14567 | Fixed an issue where, when Connect Before
Logon using Security Assertion Markup Language (SAML) authentication
was used to log in to the endpoint, users were unable to complete
the authentication process as the SAML login page got stuck after
they entered their credentials. |
GPC-14545 | Fixed an issue where the GlobalProtect HIP
check did not detect HCL BigFix version, which caused the device
to fail the HIP check. |
GPC-14528 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect Symantec Endpoint Protection 14.3 real-time protection, which
caused the device to fail the HIP check. |
GPC-14522 | Fixed an issue where, when the GlobalProtect
was configured with split tunnel to include traffic based on the destination
domain by overriding the DNS server manually, the DNS queries were
still being sent to the DHCP configured server. |
GPC-14492 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and split tunnel was configured
to exclude or include any application traffic that relied on the loopback
connection source IP address, the split tunnel configuration based
on the application did not work. |
GPC-14488 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, a pop-up message Connected
- You are securely connected to the corporate network was
displayed and the message continued to stay on the screen even though
the users tried to close it. |
GPC-14469 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices with No direct access to
local network option enabled on the gateway and split
tunnel feature configured to exclude specific access routes, traffic
for those access routes continued to go through the VPN tunnel. |
GPC-14453 | Fixed an issue where the TCP Option lookup
for IP fragmented TCP packets caused the endpoint to lose access
to internal resources. |
GPC-14439 | Fixed an issue where, when split tunnel
was configured on the GlobalProtect app to exclude destination domain
traffic that included a slash character (/) for sub-page domain
names, the slash character (/) was not displayed in the sub-page
domain names in the exception list. |
GPC-14430 | Fixed an issue where the GlobalProtect HIP
check did not detect the Trend Micro Apex One Endpoint Security,
which caused the device to fail the HIP check. |
GPC-14405 | Fixed an issue where, when the IPv6 Sinkhole
feature was enabled to block the GlobalProtect app from accessing
the local network devices using IPv6 address, the GlobalProtect
gateway still allowed the GlobalProtect app to send IPV6 traffic
to local network devices instead of blocking them. |
GPC-14400 | Fixed an issue where GlobalProtect HIP check
incorrectly detected the encryption stage for Trend Micro Full Disk
Encryption as ‘Unknown’. |
GPC-14181 | Fixed an issue where, when the GlobalProtect
portal was set to authenticate users through Security Assertion
Markup Language (SAML) authentication, the users were prompted to
re-enter their credentials whenever they tried to connect to the
GlobalProtect app even when the Authentication override cookie was enabled. |
GPC-14125 | Fixed an issue where, when the GlobalProtect
service (PanGPS) stopped running unexpectedly causing IP address-to-username
mapping issues on the firewall. Users were unable to create user-based
access policies due to the issue. |
GPC-14105 | Fixed an issue where the GlobalProtect HIP
check did not detect the real-time protection for the FireEye Endpoint
Agent, which caused the device to fail the HIP check. |
GPC-14100 | Fixed an issue where, when split tunnel
was configured on the GlobalProtect gateway to include routes, the
traffic which was not included was also sent over the VPN tunnel intermittently. |
GPC-13970 | Fixed an issue where DNS queries for excluded
domains were sent out on both the GlobalProtect app virtual adapter
and the device's physical adapter with the Split-Tunnel Option set
to Both Network Traffic and DNS in the App
Configurations area of the GlobalProtect portal configuration. |
GPC-13878 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the correct definition version and definition date
for the Carbon Black Cloud Sensor, which caused the device to fail
the HIP check. |
GPC-13774 | Fixed an issue where the GlobalProtect tunnel
could not send traffic after the system woke up from sleep mode. |
GPC-13561 | Fixed an issue where the hamburger menu
icon on the GlobalProtect app was not highlighted when the users
selected the menu using the tab key on the keyboard. Users were
unable to identify the difference whether they were using the menu
or not since the highlight was not visible to them due to the issue. |
GPC-12777 | Fixed an issue where, when a device connected
to GlobalProtect would establish an Remote Desktop Protocol (RDP) connection
to another device connected to GlobalProtect, the RDP connection
would time out and disconnect. |
GlobalProtect App 5.2.10 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.10 for macOS, Windows, and Android.
Issue ID | Description |
---|---|
GPC-14251 | Fixed an issue where the GlobalProtect HIP
report displayed incorrect OS version Windows 10 instead of the
correct version Windows 11. |
GPC-14505 | Fixed an issue where GlobalProtect users
were prompted to install the Rosetta 2 compatibility package along
with the GlobalProtect app on ARM64-based MacBook devices running macOS
M1. The system prompted for Rosetta 2 installation despite the GlobalProtect
app having native support for the M1 processor (ARM64, Apple silicon). |
GPC-14276 | Fixed an issue where the Check
for Updates option in the GlobalProtect app failed to display
the recent GlobalProtect version updates. The users had to refresh
the GlobalProtect connection to get the latest version updates. |
GPC-14181 | Fixed an issue where, when the GlobalProtect
portal was set to authenticate users through Security Assertion
Markup Language (SAML) authentication, the users were prompted to
re-enter their credentials whenever they tried to connect to the
GlobalProtect app even when Authentication override cookie was enabled. |
GPC-10200 | Fixed an issue where, when the GlobalProtect
app was installed on Android devices, the app failed to reconnect
and continued to stay in the connecting state. Users had to close
and launch the GlobalProtect app again to establish the connection. |
GlobalProtect App 5.2.9 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.9 for iOS, macOS, and Windows.
Issue ID | Description |
---|---|
GPC-14423 | Fixed an issue where the GlobalProtect HIP
check did not detect the correct status for Sophos Endpoint Protection,
which caused the device to fail the HIP check. |
GPC-14421 | Fixed an issue where the GlobalProtect app
continued to stay in the connecting state when users tried to log
in to the gateway by entering their usernames without providing
a password. Users were not prompted to re-enter credentials on authentication
failure. |
GPC-14389 | Fixed an issue where the GlobalProtect HIP
check did not detect the Anti-Malware information for the Bitdefender
Endpoint Security for macOS, which caused the device to fail the
HIP check. |
GPC-14388 | Fixed an issue where the GlobalProtect HIP
check did not correctly detect the Anti-Malware information for
McAfee Endpoint Security on devices running macOS, which caused
the devices to fail the HIP check. |
GPC-14329 | Fixed an issue where macOS devices were
able to bypass the GlobalProtect tunnel using the physical adapter
even when No direct access to local network was enabled. |
GPC-14289 | Fixed an issue where the Apple MacBook Pro
failed to reconnect to the GlobalProtect app after hibernation. |
GPC-14282 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the Patch Management software for the Jamf Pro application,
which caused the device to fail the HIP check. |
GPC-14234 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the app could not send the Kerberos SSO
support properly during the pre-login stage.This issue resulted
in two authentication prompts when devices were connected to a corporate
network. |
GPC-14223 | Fixed an issue where the GlobalProtect app
failed to fetch the configuration from the portal during the automatic configuration
refresh. |
GPC-14118 | Fixed an issue where when SAML was used
with the default browser for authentication, GlobalProtect could
not establish a tunnel to the gateway with a cached portal configuration. |
GPC-14104 | Fixed an issue where DNS queries for excluded
domains were sent out on both the GlobalProtect app virtual adapter
and the device’s physical adapter with the Split-Tunnel Option set
to Both Network Traffic and DNS in the App
Configurations area of the GlobalProtect portal configuration. |
GPC-14099 | Fixed an issue where the GlobalProtect app
for macOS allowed users to enter extra spaces after the portal IP
address or FQDN, causing the connection to fail. |
GPC-14089 | Fixed an issue where the GlobalProtect app
did not launch the SAML login page correctly to complete the authentication sequence. |
GPC-14070 | Fixed an issue where the GlobalProtect app
did not detect real-time protection and the correct definition date
for Microsoft Defender Advanced Threat Protection (ATP), causing
the HIP check to fail. |
GPC-14013 | Fixed an issue where the GlobalProtect app
displayed the wrong version when fetched from Workspace One. |
GPC-14000 | Fixed an issue where, when the GlobalProtect
HIP check did not detect the Anti-Malware information for Malware
Definition Date for the Carbon Black Cloud Sensor, which caused
the device to fail the HIP check. |
GPC-13978 | Fixed an issue where the GlobalProtect HIP
check did not detect the correct details of the Malware Definition
Version and Malware Definition Date for the CrowdStrike Falcon application, which
caused the device to fail the HIP check. |
GPC-19977 | Fixed an issue where the GlobalProtect user
was unable to sign in to the portal by pressing the ‘Enter’ key
after entering the credentials on the GlobalProtect embedded browser. |
GPC-13963 | Fixed an issue where the DNS UDP checksum
was incorrectly calculated, causing latency in the GlobalProtect connection. |
GPC-13939 | Fixed an issue where multiple spelling and
translation errors were observed in the GlobalProtect app for French localization. |
GPC-13938 | Fixed an issue where the GlobalProtect HIP
check did not detect the correct details for Symantec Endpoint Protection
on Windows endpoints, which caused the device to fail the HIP check. |
GPC-13870 | Fixed an issue where, when the GlobalProtect
app was installed on ARM-based MacBook devices running macOS M1,
the GlobalProtect app was unable to detect HIP information for Anti-Malware,
Disk Backup, Disk Encryption, Firewall, and Patch Management. |
GPC-13857 | Fixed an issue where, if GlobalProtect was
configured for domain-based split tunneling and the domain name
resolved to the loopback address (127.0.0.1), the GlobalProtect
app would disconnect on devices running macOS 11.5 or later. |
GPC-13855 | Fixed an issue where the GlobalProtect app
for macOS was unable to detect Jamf version 10.31.0 in the HIP check,
causing the endpoints to fail the HIP check. |
GPC-13834 | Fixed an issue where the GlobalProtect app
did not start right away after a computer reboot. |
GPC-13805 | Fixed an issue where, when the GlobalProtect
app was installed on Linux devices, the GlobalProtect HIP report
displayed encryption status as unencrypted even when encryption
was complete. |
GPC-13802 | Fixed an issue that caused the GlobalProtect
app to restart when using the MacBook keyboard to navigate through
the GlobalProtect GUI. |
GPC-13794 | Fixed an issue where the GlobalProtect login
screen displayed an incorrect Spanish translation. |
GPC-13737 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the firewall state of McAfee Endpoint Security v10.7.0.1961. |
GPC-13735 | Fixed an issue where the GlobalProtect users
on macOS 11 Big Sur were unable to use the Spotify application properly,
when application-based split tunneling was configured on the gateway and
Spotify was excluded from the VPN tunnel. |
GPC-13705 | Fixed an issue where the GlobalProtect HIP
check did not correctly detect the McAfee DLP information on Windows
10 devices, which caused the devices to fail the HIP check. |
GPC-13693 | Fixed an issue where DNS resolution to internal
host detection got delayed because of mDNS. |
GPC-13674 | Fixed an issue where GlobalProtect authentication
failed when the SAML username contained special characters. |
GPC-13668 | Fixed an issue where the GlobalProtect HIP
check did not detect the correct details for Cortex XDR, which caused
the device to fail the HIP check. |
GPC-13632 | Fixed an issue where the GlobalProtect HIP
check did not detect the details for Forcepoint Data Loss Prevention
(DLP) and FireEye Advanced Malware, which caused the device to fail
the HIP check. |
GPC-13570 | Fixed an issue where the GlobalProtect HIP
check did not detect the correct details of the Anti-Malware information
for the Sentinel Agent, which caused the device to fail the HIP check. |
GPC-13569 | Fixed an issue where the GlobalProtect HIP
report displayed erroneous warning messages, such as whole disk
encryption failed, after an upgrade. |
GPC-13551 | Fixed an issue where the GlobalProtect HIP
check did not detect the correct details of the Anti-Malware information
for the Carbon Black Cloud Sensor, which caused the device to fail
the HIP check. |
GPC-13420 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app consumed a large amount
of storage space under Documents & Data. |
GPC-13385 | Fixed an issue where the GlobalProtect app
took a long time to connect when the internal host detection DNS
query failed. |
GPC-13364 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect information for Signature Version and Last Updated
for the Carbon Black Cloud application, which caused the device
to fail the HIP check. |
GPC-13346 | Fixed an issue where the GlobalProtect app
GUI would disappear to the system tray or menu bar during authentication prompts
thereby preventing the users from entering their credentials. |
GPC-13195 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app was unable to establish
a connection for the second user using Security Assertion Markup Language
(SAML) authentication when cookie authentication was configured
on the portal. |
GPC-13093 | Fixed an issue where the upgrade to a newer
version of GlobalProtect app failed if the Allow User
to Uninstall GlobalProtect App (Windows Only) was set
to Disallow or Allow with Password. |
GPC-13008 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices and configured in Always-On mode,
the app was unable to send the HIP report to the firewall after
the device was turned off and turned on in locked mode. When the
device was turned on in locked mode, users connected to the app
in Always-On mode but GlobalProtect failed
to send the HIP report to the firewall. |
GPC-12777 | Fixed an issue where the remote desktop
connection via GlobalProtect tunnel got disconnected at times. |
GlobalProtect App 5.2.8 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.8 for Windows, macOS, and Windows 10 UWP.
Issue ID | Description |
---|---|
GPC-13701 | Fixed an issue where the GlobalProtect HIP
check did not detect the correct details of the Anti-Malware information
for the Carbon Black Cloud Sensor, which caused the device to fail
the HIP check. |
GPC-13683 | Fixed an issue where, when the GlobalProtect
app was installed on Windows (32-bit) devices and the portal was
set up to authenticate end users through the default system browser
for Security Assertion Markup Language (SAML) authentication, the default
system browser for SAML authentication did not work as expected. |
GPC-13680 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the Microsoft Defender ATP real-time protection,
which caused the device to fail the HIP check. |
GPC-13655 | Fixed an issue where, where the GlobalProtect
HIP check did not detect the correct details of the Malware Definition
Version and Malware Definition Date for
the CrowdStrike Falcon application, which caused the device to fail
the HIP check. |
GPC-13641 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the status of Disk Encryption and the
presence of Bitlocker Drive Encryption after upgrading to GlobalProtect
app 5.2.6, which caused the device to fail the HIP check. |
GPC-13640 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and configured with On-Demand mode,
a new portal authentication including a RADIUS challenge caused
the app to hang in Connecting state. |
GPC-13637 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the status of Disk Encryption and the
presence of Bitlocker Drive Encryption, which caused the device
to fail the HIP check. |
GPC-13622 | Fixed an issue where, when the GlobalProtect
app was enabled for FIPS-CC mode, the app failed to connect to the
portal because the app attempted to perform an OCSP check for the
root CA certificate. |
GPC-13583 | Fixed an issue where, where the GlobalProtect
HIP check did not detect the correct details of the Malware Definition
Version, Malware Definition Date,
and Last Full Scan Time for the CrowdStrike
Falcon application, which caused the device to fail the HIP check. |
GPC-13558 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the General tab
of the GlobalProtect Settings panel displayed a
spelling error when the system language was French. |
GPC-13555 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the app used the tunnel assigned
IPv6 address as the source address for the physical interface for
the excluded IPv6 traffic. This issue occurred when the physical adapter
did not have any IPv6 addresses. |
GPC-13551 | Fixed an issue where the GlobalProtect HIP
check did not detect the correct details of the Anti-Malware information
for the Carbon Black Cloud Sensor, which caused the device to fail
the HIP check. |
GPC-13547 | Fixed an issue where, when the GlobalProtect
app was deployed for Pre-logon then On-demand, the pre-logon tunnel took
2-3 minutes to connect to GlobalProtect when switching from disconnecting
to connecting states. With this fix, the pre-logon tunnel was able
to connect to GlobalProtect without changing connection states. |
GPC-13511 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP process (PanGpHip)
completely stopped running after the GlobalProtect service (PanGPS)
crashed. |
GPC-13481 | Fixed an issue where, where the GlobalProtect
HIP check did not detect the Anti-Malware information for
the Malware Definition Date and the software version for the 360
security guard and 360 Antivirus, which caused the device to fail
the HIP check. |
GPC-13479 | Fixed an issue where the GlobalProtect HIP
check did not detect the Anti-Malware information for the Malware
Definition Date for the Carbon Black Cloud Sensor, which caused
the device to fail the HIP check. |
GPC-13466 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the Anti-Malware information
for the FireEye Endpoint Agent, which caused the device to fail
the HIP check. |
GPC-13464 | Fixed an issue where, when the GlobalProtect
app was installed on non-English Windows devices, the GlobalProtect
HIP check did not detect real-time protection for Cisco Advanced Malware
Protection for Endpoints, which caused the device to fail the HIP
check. |
GPC-13432 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and another application with
system extensions were installed, issues with web-browsing and network activity
were observed. |
GPC-13417 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the correct definition date for Kaspersky Endpoint
Security, which caused the device to fail the HIP check. |
GPC-13395 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and deployed for Pre-logon
then On-demand with user initiated Pre-logon enabled, Start
GlobalProtect Connection was displayed at the Windows
login page when the system was locked. This option should be displayed
only during a system restart or when users logged out from the device. |
GPC-13389 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the user was unable to save
the gateway as the Preferred Gateway because
this setting was removed from the Windows registry after a system
reboot. |
GPC-13384 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the embedded browser (WKWebView) did
not send the client certificate to the SAML identity provider configured
with mutual TLS authentication. |
GPC-13354 | Fixed an issue where, where the GlobalProtect
HIP check did not detect the correct details of the Malware Definition
Version and the Malware Definition Date for
the CrowdStrike Falcon application, which caused the device to fail
the HIP check. |
GPC-13276 | Fixed an issue where when the GlobalProtect
app was installed on ARM-based and Intel-based MacBooks, the app continued
to stay in connecting state after the device woke up from sleep
mode. |
GPC-13208 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and split tunnel (optimized
split tunneling) was configured to exclude any application traffic
that relied on the loopback connection source IP address to be 127.0.0.1,
the excluded application did not work as expected. |
GPC-13158 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the blue screen was displayed
on the device after users logged in and connected to the app. |
GPC-13036 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and exclusions for destination domain
traffic were not enforced, the app did not open the browser for
SAML authentication that was blocked by the GlobalProtect enforcer. |
GPC-12699 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the app was not disconnected
from the tunnel when a user removed a smart card even when Retain
Connection on Smart Card Removal was set to No in the
GlobalProtect portal configuration. |
GlobalProtect App 5.2.8 Addressed Issues (iOS only)
The following table lists the issues that are addressed
in GlobalProtect app 5.2.8 for iOS.
Issue ID | Description |
---|---|
GPC-12982 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app was unable to establish
the connection on an IPv6 LTE network. |
GPC-12847 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, users were prompted multiple times
to enter their user credentials. |
GPC-12005 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app displayed a connection
failed error message and the device was reconnecting by itself to GlobalProtect. |
GlobalProtect App 5.2.7 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.7 for Windows, macOS, and Android.
Issue ID | Description |
---|---|
GPC-13501 | Fixed an issue where, when the GlobalProtect
app was deployed on managed Android devices through a mobile device management
(MDM) system such as Microsoft Intune, the app was unable to automatically
fetch a certificate after upgrading from GlobalProtect app 5.2.5
to GlobalProtect app 5.2.6. |
GPC-13479 | Fixed an issue where the GlobalProtect HIP
check did not detect the Anti-Malware information
for the Malware Definition Date for the Carbon
Black Cloud Sensor, which caused the device to fail the HIP check. |
GPC-13453 | Fixed an issue where after a Fresh Install of
GlobalProtect app 5.2.6 and using the embedded browser for Security
Assertion Markup Language (SAML) authentication, authentication
failed due to a script error when end users attempted to access
the identity provider (IdP) web page. With this fix, after you installed
GlobalProtect app 5.2.7, end users can access the idP web page using
the embedded browser for SAML authentication without any script
errors and connect to GlobalProtect. |
GPC-13452 | Fixed an issue where after upgrading to
GlobalProtect 5.2.6, the GlobalProtect client on the end user’s
endpoint did not connect to the Best Available gateway. |
GPC-13446 | Fixed an issue in GlobalProtect app for
Android devices where the documented syntax of app_list key for
Per-App VPN was not in sync with the App. |
GPC-13367 | Fixed a performance issue where the GlobalProtect
HIP process (PanGpHip) caused high CPU usage on devices. |
GPC-13366 | Fixed an issue where, when the GlobalProtect
app was installed on Windows 10 devices, the GlobalProtect HIP check
did not detect the correct definition version, definition date,
and year for the CrowdStrike Falcon application, which caused the
device to fail the HIP check. |
GPC-13364 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect information for Signature Version and Last
Updated for the Carbon Black Cloud application, which
caused the device to fail the HIP check. |
GPC-13303 | Fixed an issue where the GlobalProtect HIP
check did not detect the Anti-Malware information
for the Malware Definition Version and Malware
Definition Date for the FireEye Endpoint Agent, which
caused the device to fail the HIP check. |
GPC-13275 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS Catalina 10.15.7
and Big Sur, the GlobalProtect HIP check did not detect the Microsoft Defender
ATP real-time protection, which caused the device to fail the HIP
check. |
GPC-13254 | Fixed an issue where the GlobalProtect HIP
check did not detect did not detect real-time protection for Traps
version 4.2.3.41131, which caused the device to fail the HIP check. |
GPC-13206 | Fixed an issue where the GlobalProtect app
was configured to exclude application traffic such as Cisco Webex
for split tunnel, excluded traffic was still forwarded through the
tunnel. This issue occurred when the Pre-logon Tunnel
Rename Timeout value was set to -1 in
the GlobalProtect portal configuration. |
GPC-13203 | Fixed an issue where, when the GlobalProtect
app was installed on Windows 10 devices and if the Exceptions
to Enforce GlobalProtect list was configured with a
subnet, existing connections to those hosts were not allowed even
when the Enforcer status was enabled. |
GPC-13188 | Fixed an issue where, when the GlobalProtect
tunnel was established on macOS devices, the default route was installed before
the excluded routes and then excluded traffic leaked into the tunnel
periodically. |
GPC-13186 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the correct ESET Endpoint Antivirus definition version. |
GPC-13164 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and when the tunnel disconnected
and reestablished immediately, the split tunnel configuration based
on the application was not adhered. |
GPC-13155 | Fixed an issue where the GlobalProtect app
received a notification when the connection falls back from IPSec
to SSL even after setting Display IPSec to SSL Fallback Notification to No to
disable the app from displaying the notification. |
GPC-13151 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running Big Sur, end users were unable
to access the internal domains when split tunnel based on the destination
domain was configured with port 53. |
GPC-13150 | Fixed an issue where the GlobalProtect HIP
check did not detect the CrowdStrike Falcon application, which caused
the device to fail the HIP check. |
GPC-13138 | Fixed an issue where, after upgrading to
GlobalProtect 5.2.6, the GlobalProtect HIP report was not complete,
which caused the GlobalProtect client host device to fail the HIP check. |
GPC-13120 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS Catalina, the Configurable
Maximum Transmission Unit for GlobalProtect Connections feature
did not support fallback to kernel extension mode. |
GPC-13105 | Fixed an issue where the GlobalProtect client
version was transparently upgraded even when Allow User
to Upgrade GlobalProtect was changed to Disallow from Allow Transparently. |
GPC-13089 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the Choose An Identity pop-up
prompted end users to Select a valid client certificate
to connect to GlobalProtect even when the certificate-store-lookup value
was set to machine on the GlobalProtect portal. |
GPC-13084 | Fixed an issue where, when the GlobalProtect
app was installed macOS devices, did not detect the correct state
for the Microsoft Defender ATP real-time protection, which caused
the device to fail the HIP check. |
GPC-13064 | Fixed an issue where the PanGPA.log file
displayed the user credentials in (clear-text) data when the SAML
identity provider such as Enforce Enboard was used for portal and
gateway authentication. |
GPC-13061 | Fixed an issue where the GlobalProtect service
restarted multiple times when DLSA was configured in a dual stack environment. |
GPC-13057 | Fixed an issue where the Server Name Indication
(SNI) was not set in the requests used for the HIP reports and client
logout messages. |
GPC-13051 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the app displayed that the end
user was connected to the corporate network even when their device was
not connected to Internal Network. |
GPC-13045 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the HIP check process was
delayed and the tunnel was disconnected after 3 hours. |
GPC-13032 | Fixed an issue where the GlobalProtect HIP
check was unable to detect the Anti-Malware information
for the Last Full Scan Time for the McAfee
Total Protection Antivirus software application. |
GPC-13031 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the gateway did not generate
the HIP report within a reasonable time period after upgrading to GlobalProtect
app 5.2.5-c84. |
GPC-12996 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the app failed to connect
to the GlobalProtect gateway using a cached configuration if the GlobalProtect
portal was unreachable using client certificate authentication. |
GPC-12995 | Fixed an issue where the GlobalProtect app
displayed the following HIP notification even when Forcepoint Data
Loss Prevention (DLP) was installed: Forcepoint DLP agent is not installed into your system. |
GPC-12993 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and the default browser was
used for SAML authentication, the app opened the default browser
for SAML authentication twice. |
GPC-12971 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and configured in a full tunnel deployment,
the GlobalProtect virtual adapter was activated with the default
gateway set to 0.0.0.0. Starting with GlobalProtect app 5.2.7, you
can set a valid default gateway on the adapter using one of the
following methods:
|
GPC-12970 | Fixed an issue where the GlobalProtect client
was unable to establish a connection when the proxy domain name
had the “HTTP” keyword. |
GPC-12950 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and by changing the registry settings,
the end user was able to connect to a different portal even when Allow
User to Change Portal Address was set to No in
the GlobalProtect portal configuration. |
GPC-12916 | Fixed an issue where the GlobalProtect HIP
check excluded the Anti-Malware information
for FireEye but some data was still collected from the FireEye agent and
actions were performed on the data in PanGPHip.exe. |
GPC-12903 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices while third-party software
was running, the filter driver failed to load. |
GPC-12900 | Fixed an issue where the routing flags for
the Address Resolution Protocol (ARP) route were not reverted once GlobalProtect
was disconnected. This issue caused the third-party VPN connections
to fail. |
GPC-12781 | Fixed an issue where, when the GlobalProtect
app was deployed for pre-logon and if a pre-logon tunnel was not established,
the subsequent gateway login using RADIUS two-factor authentication
(2FA) failed. |
GPC-12701 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the app did not use the system proxy
server to connect to the SAML identity provider. |
GPC-12682 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running Catalina, end users experienced
issues when connecting to Zoom on the internal network. |
GPC-12540 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the HIP Report was significantly delayed
while checking information for the Windows Defender. |
GPC-12527 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the Anti-Malware information
for the Carbon Black Response application. |
GPC-12386 | Fixed an issue where after a GlobalProtect
connection was established, the network interface was detected as
public instead of domain due to timer issue with Network Location
Awareness (NLA). |
GPC-11489 | Fixed an issue where the GlobalProtect HIP
check did not detect Patch Management information for the Microsoft
Intune management extension software. |
GlobalProtect App 5.2.7 Addressed Issues (iOS only)
The following table lists the issues that are addressed
in GlobalProtect app 5.2.7 for iOS.
Issue ID | Description |
---|---|
GPC-12585 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app was unable to establish
a connection when the root CA certificate was configured in the portal
configuration and also installed on the device. |
GlobalProtect App 5.2.6 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.6 for Windows, macOS, Android, and Linux.
Most of these addressed issues were in GlobalProtect app 5.2.5-c84
for Windows and macOS, which was a hotfix release.
Issue ID | Description |
---|---|
GPC-12956 | Fixed an issue where, when the GlobalProtect
app was installed on Android devices, users had to always manually
select a certificate even when the certificate was pre-selected
from AirWatch. |
GPC-12914 | When the GlobalProtect app installed on
Windows and macOS devices are connected to gateways on PAN-OS 8.0
or earlier releases, the HIP report generated by GlobalProtect will
no longer be sent to the gateway. When using GlobalProtect app 5.2.6
with gateways enabled on PAN-OS 8.0 or earlier releases, you should
disable Collect HIP Data. This addressed
issue was not included in GlobalProtect 5.2.5-c84. |
GPC-12899 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and when Save User Credentials was
set to No, the username field was already
populated with the username for the machine certificate when gateway
authentication did not use certificate-based authentication. This
addressed issue was not included in GlobalProtect 5.2.5-c84. |
GPC-12875 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS Catalina 10.15.7
and Big Sur, unusual DNS server entries were found after the system
woke up. |
GPC-12866 | Fixed an issue where, when the GlobalProtect
app was installed on Windows 10 devices, users experienced multiple
transparent software upgrade issues on the device. |
GPC-12859 | Fixed an issue where, when the GlobalProtect
app was installed on Windows 10 devices, the PanGPS.log file flushed
out quickly. |
GPC-12854 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running Big Sur and split tunnel
was configured to exclude application traffic such as Zoom, some
excluded traffic were still forwarded through the tunnel. |
GPC-12853 | Fixed an issue where the GlobalProtect app
did not perform network discovery and reconnect to the internal
network when the primary IP address was changed. |
GPC-12841 | Fixed an issue where, when the GlobalProtect
app was installed on the end user’s device and System Center Configuration
Manager (SCCM) was used to set the PORTAL and CANCHANGEPORTAL values
to no from the Windows Installer (Msiexec), the
end user was unable to connect to the app when logging in for the first
time. |
GPC-12832 | Fixed an issue where the GlobalProtect pre-logon
tunnel was unnecessarily disconnected when switching from pre-logon
mode to user-logon mode. This addressed issue was not included
in GlobalProtect 5.2.5-c84. |
GPC-12822 | Fixed an issue where, the GlobalProtect
HIP check did not detect the correct Disk Encryption for
the Bitlocker Drive Encryption, which caused the device to fail
the HIP check. This addressed issue was not included in GlobalProtect 5.2.5-c84. |
GPC-12819 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
took longer than expected to collect the HIP information for the
Sentinel Agent anti-malware software leading up to an inaccurate
HIP report. This addressed issue was not included in GlobalProtect 5.2.5-c84. |
GPC-12818 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the Elastic Security Endgame Sensor 3.x Anti-Malware
application, which caused the device to fail the HIP check. |
GPC-12814 | Fixed an issue where the GlobalProtect app
displayed a script error instead of the GlobalProtect embedded browser
Security Assertion Markup Language (SAML) login page when users
tried to connect to the app through SAML authentication when Okta
was used as the identity provider (ldP). This issue occurred after
upgrading from GlobalProtect app 5.2.3 to GlobalProtect app 5.2.5. |
GPC-12807 | Fixed an issue where the GlobalProtect app
was unable to establish a connection and the GlobalProtect service
continuously restarted with an inactive message that was displayed
on the GlobalProtect agent after a system reboot. |
GPC-12797 | Fixed an issue where, when the GlobalProtect
app was installed on Android endpoints and users connect in user-logon
mode, the VPN connection failed when users switched from an external
network to an internal network. |
GPC-12793 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and after the device was rebooted,
the app attempted to connect but failed. As a result, users had
to disconnect and then reconnect to the app. |
GPC-12792 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the Microsoft Defender ATP software, which caused
the device to fail the HIP check. |
GPC-12791 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the correct date and year for the Microsoft Defender
ATP software, which caused the device to fail the HIP check. |
GPC-12782 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the app was unable to translate
the CA certificate that contained unicode characters for certificate authentication,
and as a result, client certificate authentication failed. |
GPC-12780 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the CrowdStrike 6.16 application, which caused the
device to fail the HIP check. |
GPC-12770 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running Big Sur, the GlobalProtect
HIP check did not detect the correct date and year for the Microsoft
Defender ATP real-time protection, which caused the device to fail
the HIP check. |
GPC-12751 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running Big Sur, the GlobalProtect
HIP process (PanGpHip) crashed multiple times and the gateway was disconnected. |
GPC-12748 | Fixed an issue where the GlobalProtect authentication
failed when the new password contained the (+) character. |
GPC-12732 | Fixed an issue where the GlobalProtect app
displayed a script error instead of the GlobalProtect embedded browser
Security Assertion Markup Language (SAML) login page when users
tried to connect to the app through SAML authentication when Okta
was used as the identity provider (ldP). |
GPC-12731 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and Save User Credentials was
enabled, users were prompted for credentials for every alternate
gateway authentication when SAML was used as the portal authentication. |
GPC-12728 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the Anti-Malware information
for the Morphisec Protector software, which caused the device to
fail the HIP check. |
GPC-12720 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices and the portal was down or unreachable,
the app displayed an error message when the app used the cached
portal client configuration. |
GPC-12716 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and after upgrading from GlobalProtect
app 5.2.4 to GlobalProtect 5.2.5, the app attempted to reconnect
when the connect method was set to On-Demand mode. |
GPC-12714 | Fixed an issue where, when the GlobalProtect
app was installed on Windows, the app did not identify the firewall
settings for Kaspersky Endpoint Security. |
GPC-12689 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect Symantec Endpoint Protection 14.3 real-time protection,
which caused the device to fail the HIP check. |
GPC-12630 | Fixed an issue where users established a
GlobalProtect connection to Prisma Access but failed to connect
to a manually selected Prisma Access gateway. |
GPC-12607 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and Resolve All
FQDNs Using DNS Servers Assigned by the Tunnel was set
to Yes, DNS resolution failed in a dual stack environment. |
GPC-12603 | Fixed an issue where users established a
GlobalProtect connection to Prisma Access but failed to connect
to a manually selected Prisma Access gateway when upgrading to GlobalProtect
app 5.2.5. |
GPC-12601 | Fixed an issue where information about the
manual gateway was included in the portal message in the PanGPA.log
file. |
GPC-12596 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the Real-Time Protection status
for the ESET Endpoint Antivirus, which caused the device to fail
the HIP check. |
GPC-12570 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and split tunnel was configured
based on the destination domain, IPv6 traffic was forwarded through
the tunnel. |
GPC-12569 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the pre-logon tunnel was not
renamed after users logged in to the device through SAML authentication. |
GPC-12568 | Fixed an issue where the GlobalProtect app
displayed the following notification when Connect with
SSL Only was enabled by you or the end user: The network connection is unreliable and GlobalProtect reconnected using an alternate method. You may experience slowness when accessing the internet or business applications.With
this fix, this notification will display only when GlobalProtect
falls back to using SSL after attempting IPSec. If you specified
the amount of time (in hours) during which you want the GlobalProtect
app to Automatically Use SSL When IPSec Is Unreliable for
example 5 hours, the app will not display this notification during
the specified time period because it will not attempt to establish
an IPSec tunnel and instead establish an SSL tunnel. |
GPC-12567 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the pre-logon tunnel was not
renamed after users logged in to the device through SAML authentication. |
GPC-12565 | Fixed an issue where the GlobalProtect app
did not display the proper authentication message for the login
screen when the RSA token was not synchronized. This issue occurred
when GlobalProtect was used with seamless RSA authentication. |
GPC-12562 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the DNS short name resolution
was not queried with all the DNS suffixes present on the client
machine. |
GPC-12559 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the app delayed establishing
a connection to the gateway for 90 seconds because of the delay
in setting up the IP address on the virtual adapter. |
GPC-12558 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS Catalina 10.15.7,
the GlobalProtect HIP check did not detect the Carbon Black Cloud application,
which caused the device to fail the HIP check. |
GPC-12543 | Fixed an issue where GlobalProtect parsed
the external gateways from the portal configuration and each gateway
was resolved individually and thereby increased the time to finish
DNS resolution for all the external gateways. With this fix, GlobalProtect will
now resolve only the first external gateway at the beginning of network
discovery, and then resolve all the external gateways (auto discovery)
at the same time. This can help to reduce the time for DNS resolution. |
GPC-12507 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the character size of the
pre-login page was difficult to read on high-resolution. With this
fix, users now have the option to Zoom In, Zoom Out,
and Restore Default Zoom when they connect
to the app through SAML authentication using Okta as the ldP. |
GPC-12499 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect agent restarted
when the system extensions were loaded. |
GPC-12466 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running 10.14.6, the GlobalProtect
HIP check did not detect the Anti-Malware information for
the Carbon Black Endpoint Detection and Response application, which
caused the device to fail the HIP check. |
GPC-12465 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect correct the Last Full Scan Time information
for the Symantec Endpoint Protection, which caused the device to
fail the HIP check. |
GPC-12447 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS Catalina 10.15.7
and Big Sur and when the pre-logon tunnel was established to the
internal gateway, the Enforcer status was enabled. |
GPC-12442 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running Big Sur, the app failed
to connect to the portal or gateway after upgrading from GlobalProtect
app 5.0.9 to GlobalProtect 5.2.4. |
GPC-12440 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the Disk Encryption information
for the enumerated disks, which caused the device to fail the HIP check. |
GPC-12385 | Fixed an issue where, when the GlobalProtect
app was installed on Linux devices, the GlobalProtect HIP check
did not detect the CrowdStrike 6.16 application, which caused the
device to fail the HIP check. |
GPC-12377 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the app did not display the
GlobalProtect system tray icon after the explorer.exe application
was restarted from the Task Manager. |
GPC-12356 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect tunnel was
disconnected after the device woke up from Modern Standby mode. |
GPC-12352 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the Real-Time Protection status
for the ESET Endpoint Antivirus, which caused the device to fail
the HIP check. |
GPC-12293 | Fixed an issue where, the GlobalProtect
HIP check did not detect the correct Last Full Scan Time information
for SenitnelOne Antivirus 4.4.2, which caused the device to fail
the HIP check. |
GPC-12278 | Fixed an issue where, when the GlobalProtect
app was configured for split tunnel based on the destination domain,
the fully qualified domain names were case-sensitive when the number
of inclusions and exclusions added to the list was more than eight entries. |
GPC-12265 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the user interface of the
GlobalProtect agent was unresponsive when users were prompted to
enter their one-time password (OTP). |
GPC-12252 | Fixed an issue where users were not prompted
for their login credentials after using Remote Desktop Protocol
(RDP) to connect to the GlobalProtect app and they were disconnected
after the grace period expired. |
GPC-12248 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the web interface did not
display the normal window size when seamless soft-token authentication
was used on a high display resolution (3840 X 2160) system. This
issue occurred when the auth-api value was
set to yes in the Windows registry. This
addressed issue was not included in GlobalProtect 5.2.5-c84. |
GPC-12235 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and after the GlobalProtect
agent was installed as the SYSTEM user through SCCM or Microsoft
Intune, the repair message pops-up for modern devices and failure
or reconnection message pop-ups for normal devices. |
GPC-12212 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and split tunnel was configured
to exclude application traffic such as Microsoft Teams and Zoom,
some excluded traffic was still forwarded through the tunnel. |
GPC-12190 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect enforcer
blocked SAML authentication after the endpoint woke up from sleep
mode. This addressed issue was not included in GlobalProtect 5.2.5-c84. |
GPC-12041 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the correct Anti-Malware information
for the Last Full Scan Time for Sophos Endpoint Protection,
which caused the device to fail the HIP check. |
GPC-11987 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and split tunnel was configured
to exclude destination domain traffic that included a wildcard character
(*) for domain names, excluded traffic is still forwarded through
the tunnel. |
GPC-11964 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and the No direct
access to local network option was enabled on the gateway,
the default route was deleted for the interface to the local gateway
when the IPv6 address was changed that caused GlobalProtect to disconnect. |
GPC-11916 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app displayed the The connection has failed error
message when changing from WiFi to a LTE network. |
GPC-11568 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, traffic was blocked for 25-45
seconds for some users while generating the HIP report. |
GPC-11484 | Fixed an issue where, when the GlobalProtect
app was installed on Windows, macOS, and Linux devices, the HIP
process collected information about all supported endpoint security
software even when HIP Data Collection was
configured on the portal to exclude categories, vendors, and products. This
addressed issue was not included in GlobalProtect 5.2.5-c84. |
GPC-11450 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS Catalina 10.15.7
and Big Sur, client certificate authentication failed when using
a common access card (CAC). |
GPC-11367 | Fixed an issue where the GlobalProtect HIP
check incorrectly detected the Anti-Malware information
for the Definition Version for Cybereason. This addressed
issue was not included in GlobalProtect 5.2.5-c84. |
GPC-11311 | Fixed an issue where, when the GlobalProtect
app was installed on Linux devices, the output [1]+ Done $PANGPA start was
displayed when users executed commands such as ls /etc/hostname or echo hi in
the command prompt. |
GPC-11281 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the app automatically switched
to the graphics processor on the user’s device during SAML authentication. |
GPC-10650 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the transparent software upgrade
failed for the GlobalProtect app. |
GlobalProtect App 5.2.6 Addressed Issues (iOS only)
The following table lists the issues that are addressed
in GlobalProtect app 5.2.6 for iOS.
Issue ID | Description |
---|---|
GPC-11916 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app displayed The connection has failed error
message when changing from WiFi to a LTE network. |
GlobalProtect App 5.2.5 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.5 for Android, Chrome, Windows, macOS,
and Linux.
Issue ID | Description |
---|---|
GPC-12353 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running Big Sur, the app was
unable to establish a connection when the Netskope Client was installed
on the system. |
GPC-12266 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the app was disconnected from
the tunnel and performed a network discovery after waking up from Modern
Standby mode. |
GPC-12264 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the app failed to establish
a connection when the SIP softphone client was installed on the system. |
GPC-12243 | Fixed an issue where, when the gateway was
manually selected for the first time instead of the Best Available
gateway, any subsequent connections to the Best Available gateway
allowed end users to connect to the manually selected gateway rather
than the Best Available gateway. |
GPC-12203 | Fixed an issue where the About GlobalProtect dialog
did not display the copyright symbol when the system language was
German. |
GPC-12202 | Fixed an issue where the Custom
Password Expiration Message (LDAP Authentication Only) notification
displayed grammatical errors when the system language was German. |
GPC-12185 | Fixed an issue where the GlobalProtect app
detected two or more internal gateways and all the gateways required
users to authenticate through SAML authentication, the app stopped
all operations following SAML authentication with the first gateway. |
GPC-12174 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS 10.15 or 11.0,
the GlobalProtect HIP check did not detect the CrowdStrike Falcon application,
which caused the device to fail the HIP check. |
GPC-12173 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the CrowdStrike 6.11 application, which caused the
device to fail the HIP check. |
GPC-12154 | Fixed an issue where the ADUC application
and computer console experienced slowness after upgrading from GlobalProtect app
5.1.3 to 5.2.3. |
GPC-12131 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the CrowdStrike 6.12 application, which caused the
device to fail the HIP check. |
GPC-12105 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and split tunnel was configured
based on the application, some traffic did not follow the split
tunnel configuration on applications such as Microsoft Teams. |
GPC-12104 | Fixed an issue where the GlobalProtect client
on the end user’s endpoint did not connect to the Best Available
gateway after the endpoint woke up from sleep mode. This issue occurred
when SAML authentication was used and in the auto-scaled gateway scenario.
With this fix, the GlobalProtect client can also connect to the
Best Available gateway in the auto-scaled gateway scenario. |
GPC-12097 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the clear text password was
visible through a memory dump when using the system browser for
SAML authentication. |
GPC-12066 | Fixed an issue where, when split tunnel
was configured based on the destination domain and Both
Network Traffic and DNS was selected, users experienced
a delay when accessing the exclusions applied to the DNS traffic
and the associated network application traffic for that domain. |
GPC-12059 | Fixed an issue where the default route for
the tunnel was removed shortly after establishing the tunnel. |
GPC-12050 | Fixed an issue where the GlobalProtect HIP
check did not correctly detect the Last Full Scan Time information
for the Windows Defender on Windows endpoints, which caused the
endpoints to fail the HIP check. |
GPC-12044 | Fixed an issue where, after the GlobalProtect
app was upgraded to release 5.1.6, the GlobalProtect virtual adapter
was unable to be setup properly when using laptop docking stations. |
GPC-12043 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and used a smart card for client certificate
authentication, the number of prompts used between the portals were
different. |
GPC-12031 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the whether the Firewall software was
enabled, which caused the endpoints to fail the HIP check. |
GPC-12015 | Fixed an issue where the GlobalProtect HIP
check incorrectly detected the Anti-Malware information for
the Definition Version for Sophos Endpoint
Protection. |
GPC-12004 | Fixed an issue where the GlobalProtect HIP
check incorrectly detected the Anti-Malware information for
the Definition Version for Cisco Advanced
Malware Protection (AMP). |
GPC-11995 | Fixed an issue where the GlobalProtect HIP
check incorrectly detected the Anti-Malware information for
the Definition Version for Sophos Endpoint
Protection version 10.0.0. |
GPC-11938 | Fixed an issue where, when the GlobalProtect
app was installed on Linux devices, the app was unable to automatically launch
due to the Cannot connect to local GPD service error
message. |
GPC-11932 | Fixed an issue where the GlobalProtect HIP
check incorrectly detected the Anti-Malware information for
the Last Full Scan Time for the McAfee Total
Protection Antivirus software application. |
GPC-11931 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect virtual
interface adapter continued to stay enabled when connected to an
internal network. Subsequently, the app failed to establish a tunnel connection
with an external gateway on the external network due to the Failed to get default route entry error
message, which caused the virtual adapter activation to fail. |
GPC-11911 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the Custom Password Expiration
Message (LDAP Authentication Only) notification is blank
after you changed the message setting. |
GPC-11876 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the command string for pre-vpn-connect or post-vpn-connect contained arguments
with one or more whitespace characters, which caused the built-in
GlobalProtect app upgrade to fail. |
GPC-11875 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS Catalina 10.15.7,
the GlobalProtect HIP check did not detect the Anti-Malware information
for the Last Full Scan Time for the McAfee
Total Protection Antivirus software application version 4.9.2, which caused
the device to fail the HIP check. |
GPC-11712 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the Patch-Management software for
the JAMF Pro software application, which caused the device to fail
the HIP check. |
GPC-11686 | Fixed an issue where the HIP report did
not contain the correct Last Full Scan Time information for
the AVG Internet Security software. |
GPC-11648 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect the Patch-Management software for
the JAMF Pro software application, which caused the device to fail
the HIP check. |
GPC-11606 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the Avast Antivirus software version 20.x. After
upgrading from Antivirus software version 18.x, the GlobalProtect
HIP check did detect the Avast Antivirus software version 20.x. |
GPC-11460 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect HIP check
did not detect the Anti-Malware information
for the Last Full Scan Time for the McAfee Total
Protection Antivirus software. |
GPC-11440 | Fixed an issue where, when the GlobalProtect
app was installed on Linux devices, the GlobalProtect agent stopped running
after the device initially connected to the portal or gateway. |
GPC-11367 | Fixed an issue where the GlobalProtect HIP
check incorrectly detected the Anti-Malware information for
the Definition Version for Cybereason. |
GlobalProtect App 5.2.5 Addressed Issues (iOS only)
The following table lists the issues that are addressed
in GlobalProtect app 5.2.5 for iOS.
Issue ID | Description |
---|---|
GPC-11888 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app was unable to establish
the connection on a 4G LTE network when the gateway was resolved to
IPv6 only. |
GPC-11684 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, VPN tunnel restoration was not
supported when the portal was configured in Always On mode. |
GPC-11633 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app displayed No available network even
when the network was available. |
GlobalProtect App 5.2.4 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.4 for Windows, macOS, Android, and Linux.
Issue ID | Description |
---|---|
GPC-12069 | Fixed an issue where, when the GlobalProtect
app was installed on Chromebooks, the selection criteria for the
portal agent configuration failed when the OS configured
in the Config Selection Criteria was specified
as Chrome. |
GPC-11989 | Fixed an issue where SAML authentication
was blocked because the GlobalProtect enforcer did not parse all
the fully qualified domain names configured in the FQDN exclusions list. |
GPC-11894 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices with the Resolve
All FQDNs Using DNS Servers Assigned by the Tunnel (Windows Only) set
to Yes and after the portal configuration
refresh interval timer was reached, the DNS queries were sent to
both interfaces. |
GPC-11865 | Fixed an issue where the GlobalProtect Update pop-up
dialog displayed grammatical errors. |
GPC-11868 | Fixed a rare issue where the PanGPS log
file was not rotated and it caused the PanGPS.log file to consume
a large amount of disk space. |
GPC-11819 | Fixed an issue where the GlobalProtect app
could not properly exclude multicast routes specified in the exclude list. |
GPC-11805 | Fixed an intermittent issue where, when
split tunnel was configured based on the destination domain and
application, users were not allowed access to specific fully qualified
domain names after changing the network. |
GPC-11804 | Fixed an issue where, when the GlobalProtect
app was installed on Windows and macOS devices with the Split-Tunnel
Option enabled for both network traffic and DNS, the
DNS queries were sent to both interfaces. |
GPC-11797 | Fixed an issue where, when the GlobalProtect
app was installed on macOS Big Sur devices and split tunnel was
configured based on the application, the app was unable to connect
to applications such as Zoom. |
GPC-11792 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS Catalina 10.15.7
or later, the app did not accept character input when using the on-screen
Accessibility Keyboard required for remote learning. |
GPC-11784 | Fixed an issue where the GlobalProtect app
was configured with Pre-logon then On-demand mode and
if the network was changed or the network connection was lost during
pre-logon tunnel mode, the pre-logon tunnel was not able to reconnect
to the app after the machine was connected to the network. |
GPC-11781 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the app was disconnected from
the tunnel after the Pre-logon Tunnel Rename Timeout expired
even when users successfully authenticated to the gateway through
either SAML authentication or RADIUS for two-factor authentication. |
GPC-11777 | Fixed an issue where the GlobalProtect app
will not perform network discovery due to a network change event
when the app was connected to the internal gateway without a tunnel connection. |
GPC-11749 | Fixed an issue where, when the GlobalProtect
app was installed on Linux devices, DNS resolution failed when the
app was connected on Ubuntu 20.04. |
GPC-11726 | Fixed an issue where the GlobalProtect client
continued to stay in connecting state even when SAML authentication
was configured to establish a connection to the portal or gateway. |
GPC-11723 | Fixed an issue where, after you installed
the GlobalProtect app on macOS devices using the client upgrade
prompt, a kernel panic occurred on the macOS device. |
GPC-11707 | Fixed an issue where the GlobalProtect app
continued to stay in connecting state after failing to meet the Config
Selection Criteria configured on the portal following
a successful SAML authentication. |
GPC-11638 | Fixed an issue where, when the GlobalProtect
app was installed on Windows 10 devices and network connectivity
was enabled in Modern Standby, the tunnel failed to be restored
after waking up from sleep mode. |
GPC-11587 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and Duo Security multi-factor authentication
(MFA) was used to authenticate users through SAML authentication
on the identity provider (ldP), the app did open an embedded browser
using Connect Before Logon but the content incorrectly displayed. |
GPC-10200 | Fixed an issue where, when the GlobalProtect
app was installed on Android devices, the app failed to reconnect
and continued to stay in connecting state. Users had to close and launch
the app to establish the connection. |
GlobalProtect App 5.2.4 Addressed Issues (iOS only)
The following table lists the issues that are addressed
in GlobalProtect app 5.2.4 for iOS.
Issue ID | Description |
---|---|
GPC-11669 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app continued to stay in connecting state
after changing the network type and failed to automatically reconnect. |
GlobalProtect App 5.2.3 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.3 for Windows, macOS, Linux, and Android.
Issue ID | Description |
---|---|
GPC-11706 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect tunnel could
not send traffic after the system woke up from sleep mode. |
GPC-11694 | Fixed an issue where the GlobalProtect tunnel
was disconnected when the server sent packets greater than 1524. |
GPC-11683 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect virtual interface
was locally unreachable. |
GPC-11660 | Fixed an issue on the GlobalProtect agent
when the response from the gateway pre-login included the error
status and an empty message, but the GlobalProtect client was not
expected to receive the response from the pre-login with the error
status and an empty message. With this fix, the GlobalProtect client
is configured to handle the error status and the empty message response
from the gateway pre-login when the minimum version is set to TLSv1.2
in the SSL/TLS service profile. |
GPC-11659 | Fixed an issue where, when the GlobalProtect
app was installed on Android devices, the gateway was randomly disconnected
and users cannot reconnect until they force stop or force start
the app. |
GPC-11656 | Fixed an issue where, after you upgraded
the GlobalProtect app to release 5.2.1 or release 5.2.2 on macOS
devices using the client upgrade prompt, a kernel panic occurred
on the macOS device. |
GPC-11644 | Fixed an issue where the HIP report did
not contain the correct Last Full Scan Time information for
the AVG Internet Security software. |
GPC-11643 | Fixed an issue where, when the GlobalProtect
app was installed on Android devices and when the Allow Authentication
with User Credentials OR Client Certificate option was
set to Yes on the portal, users were not
able to authenticate to the portal with a valid client certificate.
With this fix, users are now able to authenticate to the portal
with a valid client certificate when the Allow Authentication with
User Credentials OR Client Certificate option is set
to Yes on the portal. |
GPC-11637 | Fixed an issue where, when the GlobalProtect
app was installed on Linux devices, the GUI version of GlobalProtect sometimes
was unresponsive (for example, when the GNOME Shell was replaced). |
GPC-11616 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices, the GlobalProtect HIP check
did not detect Anti-Malware information for Sophos
Endpoint Protection version 10.0.0. |
GPC-11612 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the speed limit of the GlobalProtect adapter
was set to a maximum of 100Mbps, With this fix, the speed limit
of the GlobalProtect adapter is now set to a maximum of 2Gbps. |
GPC-11603 | Fixed an issue where, when the GlobalProtect
Android app was installed on Chromebooks, the app identified the
operating system as Android instead of Chrome. |
GPC-11601 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the app was unable to establish
the tunnel when the connection was on the mobile network. |
GPC-11594 | Fixed an issue where, when the GlobalProtect
app was installed on Linux devices, the GUI version of GlobalProtect
hangs when multiple terminals were launched (in a multi-user target)
or when one terminal had to be launched for the GUI version to launch. |
GPC-11569 | Fixed an issue on Windows endpoints where,
if the GlobalProtect app is configured with the Pre-logon (Always
On) Connect Method with the Pre-logon Tunnel Rename Timeout value
set to -1 (or any other value) and
users disable the app and reboot their endpoint, the pre-logon tunnel
is up after they login. After the system reboots, the app is disabled but
the virtual interface is enabled. With this fix, the app and the virtual
interface are disabled after a system reboot. |
GPC-11538 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS Catalina, the GlobalProtect
service restarted after a system reboot or when users logged out
and logged in to the endpoint. |
GPC-11530 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and the No direct access
to local network option was enabled, users with administrator
privileges were able to modify the routing table to bypass the VPN
tunnel. |
GPC-11529 | Fixed an issue where Connect Before Logon
using Security Assertion Markup Language (SAML) authentication was
used to log in to the Windows 10 endpoint, users were able to launch
the command prompt from the authentication web browser. |
GPC-11527 | Fixed an issue where, when the GlobalProtect
app was installed on Windows endpoints and split tunnel was configured based
on the application, handle leaks were observed by the GlobalProtect
service. |
GPC-11525 | Fixed an issue where the GlobalProtect app
failed to connect to the portal or gateway in the Prisma Access
network through the proxy. |
GPC-11524 | Fixed an issue where, when the GlobalProtect
app was deployed on managed Android devices through a mobile device management
(MDM) system such as Microsoft Intune, the app hangs in Connecting state
and the tunnel failed to be restored when users moved to a poor
cell reception. |
GPC-11489 | Fixed an issue where the GlobalProtect HIP
check did not detect Patch Management information for
the Microsoft Intune management extension software. |
GPC-11478 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices and the No direct
access to local network option was enabled on the gateway, the
access route to the default gateway was not properly masked. |
GPC-11466 | Fixed an issue on Windows 10 endpoints where
the Active Directory Users and Computers (ADUC) application experienced high
latency when users established a GlobalProtect connection. |
GPC-11461 | Fixed an issue where, after you upgraded
and installed the GlobalProtect app, the app was unable to connect
to the gateway due to the Failed to get default route entry error
message. |
GPC-11448 | Fixed an issue where the GlobalProtect app
was unable to establish a connection to the gateway because the
fully qualified domain name (FQDN) specified for the gateway mapped
to a different IP address during network discovery and pre-login.
With this fix, the app performed a network discovery again and connected
to the Best Available gateway. |
GPC-11402 | Fixed an issue where, when the GlobalProtect
app was installed on Windows endpoints, the app was disconnected
from the VPN tunnel after the pre-logon tunnel grace period expired even
when users logged in to the endpoint and the pre-logon tunnel was
successfully renamed. This issue occurred when two-factor authentication
(2FA) was used. |
GPC-11393 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the app performed a second network
discovery after gateway authentication was successful. This issue
resulted in two authentication prompts (for example, the SAML authentication
type) right after waking up from sleep mode. |
GPC-11395 | Fixed an issue where, when the GlobalProtect
app was installed on macOS devices running macOS Catalina 10.15.4,
the GlobalProtect HIP check did not detect Symantec Endpoint Protection
14.3 real-time protection, which caused the device to fail the HIP
check. |
GPC-11370 | Fixed an issue where the GlobalProtect app
selected the geographically distant gateway instead of the gateway
with the faster response time. With this fix, the Best Available gateway
is now determined by the assigned weight of the gateway. |
GPC-11349 | Fixed an issue where the GlobalProtect HIP
check incorrectly detected the Anti-Malware information for
the Engine Version, Definition
Version, and Date for the CrowdStrike
Falcon application. |
GPC-11346 | Fixed an issue where portal authentication
failed due to the authentication failure during the GlobalProtect
App Config Refresh configuration, which caused users
to be locked out of the RSA device. |
GPC-11218 | Fixed an issue where the GlobalProtect HIP
check did not detect Symantec Endpoint Protection 14.3 real-time
protection, which caused the device to fail the HIP check. |
GPC-11173 | Fixed an issue where the GlobalProtect app
was configured with On-Demand mode and continued
to stay in connecting state even when manually switching to a different
gateway failed. With this fix, the app will now display an error
message when switching to a different gateway failed. |
GPC-11084 | Fixed an issue where, when the GlobalProtect
app was connected on Linux endpoints, the DNS content was removed
from the resolv.conf file found in
the /etc folder because the network was
interrupted. |
GPC-10954 | Fixed an issue in GlobalProtect for macOS
endpoints where installing or upgrading the package using a MDM
system such as JAMF Pro resulted in a GlobalProtect app initialization
failure. |
GPC-10934 | Fixed an issue where the original DNS suffixes
were removed from the client machine and only the DNS suffixes from the
gateway were applied. |
GPC-10831 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect service
modified the DNS suffix system list even when the gateway pushed
an empty DNS suffix list. |
GPC-10200 | Fixed an issue where, when the GlobalProtect
app was installed on Android devices, the app failed to reconnect
and continued to stay in connecting state. Users had to close and launch
the app to establish the connection. |
GlobalProtect App 5.2.2 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.2 for Windows, macOS, and iOS.
Issue ID | Description |
---|---|
GPC-11531 | Fixed an issue where, when the GlobalProtect
app was installed on iOS devices, the GlobalProtect service was
started multiple times when users initiated the VPN connection from
the iOS VPN settings. |
GPC-11479 | Fixed an issue where the GlobalProtect app
took more than 2 minutes to establish a connection when users installed
the app for the fist time on macOS endpoints running macOS Catalina 10.15.4
or later. This issue occurred when the administrator did not select
the GlobalProtect System Extensions check
box during the installation. |
GlobalProtect App 5.2.1 Addressed Issues
The following table lists the issues that are addressed
in GlobalProtect app 5.2.1 for Windows, macOS, Linux, Android, and
iOS.
Issue ID | Description |
---|---|
GPC-10476 | Fixed an issue where in high bandwidth environments,
the download speed through the GlobalProtect connection was slower than
the upload speed. |
GPC-11464 | Fixed an issue where, when the GlobalProtect
app was deployed for Android on managed Chromebooks using the Google Admin
console, the app disconnected and reconnected because the same managed
configuration file was pushed from the Google Admin Console multiple
times. |
GPC-11417 | Fixed an issue for Android on Chromebooks
where, if the GlobalProtect app was configured with the Always On
connect method, the app did not automatically connect to the portal
after users rebooted the system. |
GPC-11348 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices, the GlobalProtect client failed
to rename the pre-logon tunnel to the user tunnel when SAML was used
to authenticate users. |
GPC-11347 | Fixed an issue where, when the GlobalProtect
app was installed on Windows devices and a connection was established, high
CPU usage (around 30 percent) was detected for the system process. |
GPC-10881 | Fixed an issue, when the GlobalProtect app
was installed on iOS devices with Always On mode
as part of the VPN profile, the app frequently reported authentication errors.
This issue occurred when the portal cache configuration was not
saved successfully. |
GPC-9982 | Fixed an issue, when the GlobalProtect app
was installed on macOS endpoints running macOS Catalina 10.15 or
later and HIP checks were enabled, the macOS endpoint displayed
additional pop-ups to the user when GlobalProtect requested to access
your Desktop, Documents, and Downloads folders. |