When the GlobalProtect app is installed on Android devices, the GlobalProtect notification is persistent and continues to stay on the screen even when the app is closed. This issue is not applicable for Android devices with Android 13 and later version.

Fixed the issue where the GlobalProtect notification displayed on the screen was unresponsive and this is listed under the Addressed Issues section.

If you change the setting for

Connect with SSL Only

in the portal configuration, when the user views the Preferences in the GlobalProtect app, the Connect with SSL setting retains the previous setting.

The first time end users connect using the GlobalProtect 6.0 app they may see an authentication failed message if their SSO credentials are different from the credentials they used to log in to their computer.

On macOS endpoints, when connected to an internal gateway the endpoint may not send a HIP report or receive HIP notifications, and the HIP reports are not available on the Host Information Profile tab in the app.

In pre-logon deployments, the GlobalProtect enforcer remains enabled even after disabling GlobalProtect.

After connecting to GlobalProtect using Connect Before Logon (CBL) with SAML authentication, the GlobalProtect app keeps opening and closing after the user logs in.

In some cases, TCP Option lookup for IP fragmented TCP packets can cause the endpoint to lose access to internal resources.

macOS devices are able to bypass the GlobalProtect tunnel using the physical adapter even when

No direct access to local network

is enabled.

In cases where the GlobalProtect gateway does not push a DNS suffix to the endpoint, the endpoint incorrectly pushes the DNS suffix from the physical adapter to the virtual adapter.

When connected to GlobalProtect with

Resolve All FQDNs Using DNS Servers Assigned by the Tunnel (Windows Only)

set to

Yes

in the App Configurations area of the GlobalProtect portal configuration, performance is slow in the Windows Active Directory Users and Computers console.

Workaround:

Set

Resolve All FQDNs Using DNS Servers Assigned by the Tunnel (Windows Only)

to

No

.

DNS queries for excluded domains are sent out on both the GlobalProtect app virtual adapter and the device's physical adapter when the

Split-Tunnel Option

is set to

Both Network Traffic and DNS

in the App Configurations area of the GlobalProtect portal configuration.

In some cases the GlobalProtect tunnel cannot send traffic after the system wakes up from sleep mode.

In a configuration where the

Welcome Page

is set to

None

and

Have User Accept Terms Of Use before Creating Tunnel

is set to

Yes

, the endpoint gets stuck in the connecting state.

Workaround:

Enable the Welcome Page or set

Have User Accept Terms Of Use before Creating Tunnel

to

No

.

When the user is prompted to select a certificate to use to connect to GlobalProtect, if the user instead clicks Cancel without selecting a client certificate the app shows the

no network connectivity

error message.

If the end user sets a preferred gateway in the GlobalProtect app and the administrator later disables the manual gateway option in the portal configuration, the app will still display the option to set a gateway as preferred after the end user refreshes the connection even though manual gateway selection is no longer an available option.