Fixed an issue where users experienced connectivity problems when GlobalProtect was used in a WiFi network with captive portal.

Fixed an issue where HIP checks incorrectly detected the macOS built-in firewall as disabled, causing HIP checks to fail.

Fixed an issue where GlobalProtect did not detect Qualys for patch management.

Fixed an issue where the Host Information Profile (HIP) check failed to detect the installed version of Norton anti-malware.

Fixed an issue where GlobalProtect prompted for credentials instead of using authoverride cookie when authenticating to the best available gateway.

Fixed an issue where macOS computers displayed both the new and old versions of the GlobalProtect welcome page.

Fixed an issue for proxy-only mode where customers were unable to access websites when the computer woke up from sleep

Fixed an issue where Global Protect HIP did not detect the drive state when using Trellix Drive Encryption 8.0.

Fixed an issue where the Digital Guardian Agent was not detected by the GlobalProtect client, causing DLP HIP checks to fail.

Fixed an issue where, after an upgrade, GlobalProtect restarted and failed to connect to the portal

Fixed an issue where the Report an Issue functionality did not send the troubleshooting log to the administrator’s Strata Logging Service instance.

Fixed an issue where the installed OWSPAT version was not supported with the CrowdStrike Falcon version, resulting in HIP object match failures.

Fixed an issue where the GlobalProtect client did not send the HIP report causing user-IP mapping to be cleared and resulting in traffic drop.

Fixed an issue where the embedded browser shown as part of SAML authentication was blank.

Fixed an issue where Norton 360 was not compatible with GlobalProtect causing the device to fail the HIP check.

Fixed an issue where users were unable to use smartcard authentication with embedded browser.

Fixed an issue where the GlobalProtect client could crash after it was connected to a gateway.

Fixed an issue where the GlobalProtect agent showed as connected even when the virtual adapter was down.

Fixed an issue where the GlobalProtect credential provider was not set as the default after installation and reboot.

Fixed an issue where the GlobalProtect HIP report did not include Cortex XDR installed on the client machine.

Fixed an issue where a comment was not visible in the GlobalProtect logs when GlobalProtect was disabled with-comment.

Fixed an issue where the Customer was getting "A valid client certificate is required for authentication" even though they had a valid client certificate installed.

Fixed an issue where GlobalProtect client for macOS could not navigate away from a hyperlink on the welcome page when the welcome page was opened in the embedded browser.

Fixed an issue where the GlobalProtect HIP report did not detect the last full scan time for Avast antivirus software.

Fixed an issue where transparent upgrade from GlobalProtect version 6.2.4 or 6.2.5 to version 6.2.6 failed on some Windows endpoints with error 1618.

Fixed an issue where GlobalProtect shut down unexpectedly on Windows 11 devices running multiple versions of GlobalProtect 6.3. The issue was caused by the firewall sending invalid IPv6 packets to GlobalProtect, which did not have a validation method before processing.

Fixed an issue where users were unable to connect to the app after the system woke up from sleep mode.

Fixed an issue where the users were unable to connect the GlobalProtect app after performing the resolution of CVE-2024-5921. The app displayed the following error, “The certificate CN name mismatch.”

Fixed an issue where the GlobalProtect app got stuck in the Connecting stage when the app was upgraded to 6.3.2-525 version. Users had to reboot the system to resolve this issue.

Fixed an issue where GlobalProtect version 6.2.6-838 was stuck intermittently during the connection process.

Fixed an issue where the GlobalProtect app got stuck and users faced connection issues after the system woke up from sleep mode even though the internet connection was stable.

Fixed an issue where the GlobalProtect app failed to validate the server certificate when the portal or gateway sent only the leaf certificate.

Fixed an issue where the GlobalProtect client displayed an error when using an ECDSA certificate with explicit EC parameters in FIPS mode.

Fixed an issue where after GlobalProtect was upgraded from version 6.3.0 to 6.3.1, users were stuck in connecting state.

Fixed an issue where when the GlobalProtect app was installed on devices running macOS and the app version was upgraded to 6.2.5, end users were unable to connect the app. The app got stuck in the Connecting state and displayed the following message, “You are redirected to an embedded browser to authenticate and connect.”

Fixed an issue where Okta push notification shows incorrect Windows OS, when Okta SAML authentication is enabled in GlobalProtect.

Fixed an issue where the disconnect reason for macOS users was getting cached.

Fixed an issue where the GlobalProtect Client displayed a download prompt or was updated even with an "upgrade disallow" configuration.

Fixed an issue where the HIP check failed to detect the Norton anti-malware version 24.11.9615.0.

Fixed an issue where the HIP notification pop-up on macOS looked different from that on Windows.

Fixed an issue where the GlobalProtect connection on MacOS Sequoia 15+ was unstable.

Fixed an issue where, when the GlobalProtect debug build was installed on the device, the device was immediately locked and users were unable to enter their login credentials in the Window Login screen. Users had to reboot their system to resolve this issue.

Fixed an issue where GlobalProtect users on macOS were disconnected immediately after sending the HIP report.

Fixed an issue where GlobalProtect users with enforcer enabled were able to access applications that were not in the enforcer exception list.

Fixed an issue where a user was randomly prompted with a \"Login Successful\" message when connecting to GlobalProtect (GP), even though GP was not connected.

Fixed an issue where the SAML redirection page opened up on end user

computers even though they did not have internet connectivity.

Fixed an issue, where the GlobalProtect app got stuck in Connecting status when the device woke up from sleep mode.

Fixed an issue where the GlobalProtect embedded browser could not utilize a new PIV certificate for SAML authentication if multiple certificates were available.

Fixed an issue where GlobalProtect configured for Always-on Pre-logon may not display the captive portal page if there is a delay with network access or Internet connectivity.

Fixed an issue where the GlobalProtect virtual adapter was not set up correctly.

Fixed an issue where the GlobalProtect macOS client did not extend the session even though the user clicked the Extend Session button.

Fixed an issue where the users were unable to login Windows 11 using the User Principal Name (UPN) when GPCP was selected with GlobalProtect app version 6.2.4 and 'Interactive logon: Don't display last signed-in' was enabled in their Entra ID - group policy.

Fixed an issue where the Report an Issue feature failed to work for a specific user whose username contained Japanese character.

Fixed an issue where the GlobalProtect agent (wa_3rd_party_host_64.exe) modified the __PSLockDownPolicy registry key from 4 (secure language mode) to 0 (full language mode) after a reboot.

Fixed an issue where the change password message was truncated in the GlobalProtect agent UI.

Fixed an issue where the firewall did not exclude the APIPA (169.254.0.0/16) range from GlobalProtect when the Endpoint Traffic Policy Enforcement feature was enabled with the exclude option. As a result, traffic to the APIPA range was sent over GlobalProtect instead of the local interface.

Fixed an issue where some users were unable to connect to portal access, the PANGPA did not work as expected and multiple GlobalProtect instances were opened.

Fixed an issue where HIP reports were not sent during modern standby mode.

Fixed an issue where the Transparent Upgrade with Proxy only mode did not work as expected and no tunnel was established with the gateway.

Fixed an issue where GlobalProtect Connect Before Logon connection allowed GlobalProtect to be disconnected on first time login.

Fixed an issue where the GlobalProtect app window displayed "static" instead of the connected gateway name.

Fixed an issue where users were unable to connect to Prisma Access via GlobalProtect.

Fixed an issue where the GlobalProtect Credential Provider did not reset focus on the password field when the user entered the wrong password

Fixed an issue where username from SAML assertion did not match the config selection criteria because the Windows SSO username was used instead of the SAML username.

Fixed an issue GlobalProtect pre-logon was stuck in connecting state after a reboot.

Fixed an issue where the GlobalProtect gateway did not receive the HIP reports from the user correctly due to which the end users were unable to access the resources even when the sessions were active.

Fixed an issue where, when the user installed the GlobalProtectARM installer from the Customer Support Portal (CSP) and the user opened GlobalProtect using the Start menu, the icon file (PanGPA.ico) was opened instead of the executable (PanGPA.exe) file.

Fixed an issue where, when the GlobalProtect app was installed on devices running macOS Sonoma 14.5, the app used the old FQDN names and got stuck in the "Connecting" status instead of prompting the user to enter the portal FQDN name.

Fixed an issue where the notifications for the feature "Login Lifetime Expiration" and "Notify Before Lifetime Expires" were not displayed on the GlobalProtect client running version 6.2.4.

Fixed an issue where the users were unable to access the Advanced Logging Settings screen of the GlobalProtect app using the ctrl + tab key combination on the keyboard. The screen reader did not announce the Keyboard options correctly.

Fixed an issue where GlobalProtect only displayed ADEM information for approximately 120 users even though more than 600 ADEM users were connected to GlobalProtect.

Fixed an issue where a HIP notification configured as "pop-up-message" for pre-logon does not show up. The pop up window is blank.

Fixed an issue where after submitting the SAML credentials, a blank screen was displayed and GlobalProtect got stuck in that stage.

Fixed an issue where the Teams application does not connect to the server for macOS.

Fixed an issue where the Windows Registry value (ext-key-usage-oid-for-client-cert) on \HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings was deleted during the upgrade from GlobalProtect version 6.2.2 to version 6.2.4. This makes the GlobalProtect client unable to select a certificate by itself.

Fixed an issue where conditional connect was not set and GlobalProtect connected to an external gateway on the internal network instead of connecting to an internal gateway on the internal network.

Fixed an issue where GlobalProtect 6.3.0 on macOS was blocking multicast traffic on the local network interface.

Fixed an issue where, when the embedded browser was used, the password field did not work as expected when users typed their passwords in the field. Users had to click inside the password field before entering their password.

Fixed an issue where users are being logged out from GlobalProtect when the device wakes up from modern standby and network discovery happens.

Fixed an issue where GLobalProtect was stuck in connecting mode after the customer manually selected a gateway that hit the maximum user limit. This was a multi-gateway environment with SAML/CAS authentication method.

Fixed an issue where Zoom and Outlook apps intermittently stop connecting on macOS with an error "You are unable to connect to Zoom. Please check your network connection and try again" when the apps are excluded under both domains and applications

Fixed an issue where the remote users using GlobalProtect with Connect Before Logon (CBL) were unable to reset their password when using the app with an embedded browser.

Fixed an issue where the GlobalProtect agent version 6.1.4 would only establish a connection via SSL to an IPv6 gateway. The IPSec tunnel was not established or connected.

Fixed an issue where there is no network discovery once the laptop came out of standby.

Fixed an issue where Windows users experienced a blue screen of death issue due to a race condition between Microsoft IPSEC extension and GlobalProtect. The issue happens only when IKE extensions are enabled via IPSEC GPO on the endpoint along with GlobalProtect.

Fixed an issue where the Azure VDI RDP connection disconnects when using enforcer.

Fixed an issue where it was possible to do a privilege escalation and\or login bypass when using a 3rd party credential provider with GlobalProtect

Fixed an issue where the GlobalProtect app intermittently did not send the HIP report to the Prisma Access gateway due to a timeout issue.