GlobalProtect 6.3.3 Addressed Issues
Focus
Focus
GlobalProtect

GlobalProtect 6.3.3 Addressed Issues

Table of Contents

GlobalProtect 6.3.3 Addressed Issues

lists the issues addressed in GlobalProtect app 6.3.3.
The following table lists the issues addressed in GlobalProtect app 6.3.3.
Issue ID
Description
GPC-23046
Fixed an issue where users experienced connectivity problems when GlobalProtect was used in a WiFi network with captive portal.
GPC-23010
Fixed an issue where HIP checks incorrectly detected the macOS built-in firewall as disabled, causing HIP checks to fail.
GPC-22847
Fixed an issue where GlobalProtect did not detect Qualys for patch management.
GPC-22771
Fixed an issue where the Host Information Profile (HIP) check failed to detect the installed version of Norton anti-malware.
GPC-22763
Fixed an issue where GlobalProtect prompted for credentials instead of using authoverride cookie when authenticating to the best available gateway.
GPC-22740
Fixed an issue where macOS computers displayed both the new and old versions of the GlobalProtect welcome page.
GPC-22688
Fixed an issue for proxy-only mode where customers were unable to access websites when the computer woke up from sleep
GPC-22638
Fixed an issue where Global Protect HIP did not detect the drive state when using Trellix Drive Encryption 8.0.
GPC-22616
Fixed an issue where the Digital Guardian Agent was not detected by the GlobalProtect client, causing DLP HIP checks to fail.
GPC-22610
Fixed an issue where, after an upgrade, GlobalProtect restarted and failed to connect to the portal
GPC-22589
Fixed an issue where the Report an Issue functionality did not send the troubleshooting log to the administrator’s Strata Logging Service instance.
GPC-22547
Fixed an issue where the installed OWSPAT version was not supported with the CrowdStrike Falcon version, resulting in HIP object match failures.
GPC-22544
Fixed an issue where the GlobalProtect client did not send the HIP report causing user-IP mapping to be cleared and resulting in traffic drop.
GPC-22542
Fixed an issue where the embedded browser shown as part of SAML authentication was blank.
GPC-22487
Fixed an issue where Norton 360 was not compatible with GlobalProtect causing the device to fail the HIP check.
GPC-22450
Fixed an issue where users were unable to use smartcard authentication with embedded browser.
GPC-22448
Fixed an issue where the GlobalProtect client could crash after it was connected to a gateway.
GPC-22443
Fixed an issue where the GlobalProtect agent showed as connected even when the virtual adapter was down.
GPC-22406
Fixed an issue where the GlobalProtect credential provider was not set as the default after installation and reboot.
GPC-22381
Fixed an issue where the GlobalProtect HIP report did not include Cortex XDR installed on the client machine.
GPC-22353
Fixed an issue where a comment was not visible in the GlobalProtect logs when GlobalProtect was disabled with-comment.
GPC-22297
Fixed an issue where the Customer was getting "A valid client certificate is required for authentication" even though they had a valid client certificate installed.
GPC-22295
Fixed an issue where GlobalProtect client for macOS could not navigate away from a hyperlink on the welcome page when the welcome page was opened in the embedded browser.
GPC-22264
Fixed an issue where the GlobalProtect HIP report did not detect the last full scan time for Avast antivirus software.
GPC-22245
Fixed an issue where transparent upgrade from GlobalProtect version 6.2.4 or 6.2.5 to version 6.2.6 failed on some Windows endpoints with error 1618.
GPC-22237
Fixed an issue where GlobalProtect shut down unexpectedly on Windows 11 devices running multiple versions of GlobalProtect 6.3. The issue was caused by the firewall sending invalid IPv6 packets to GlobalProtect, which did not have a validation method before processing.
GPC-22235
Fixed an issue where users were unable to connect to the app after the system woke up from sleep mode.
GPC-22233
Fixed an issue where the users were unable to connect the GlobalProtect app after performing the resolution of CVE-2024-5921. The app displayed the following error, “The certificate CN name mismatch.”
GPC-22155
Fixed an issue where the GlobalProtect app got stuck in the Connecting stage when the app was upgraded to 6.3.2-525 version. Users had to reboot the system to resolve this issue.
GPC-22126
Fixed an issue where GlobalProtect version 6.2.6-838 was stuck intermittently during the connection process.
GPC-22123
Fixed an issue where the GlobalProtect app got stuck and users faced connection issues after the system woke up from sleep mode even though the internet connection was stable.
GPC-22092
Fixed an issue where the GlobalProtect app failed to validate the server certificate when the portal or gateway sent only the leaf certificate.
GPC-22061
Fixed an issue where the GlobalProtect client displayed an error when using an ECDSA certificate with explicit EC parameters in FIPS mode.
GPC-22054
Fixed an issue where after GlobalProtect was upgraded from version 6.3.0 to 6.3.1, users were stuck in connecting state.
GPC-22046
Fixed an issue where when the GlobalProtect app was installed on devices running macOS and the app version was upgraded to 6.2.5, end users were unable to connect the app. The app got stuck in the Connecting state and displayed the following message, “You are redirected to an embedded browser to authenticate and connect.”
GPC-22043
Fixed an issue where Okta push notification shows incorrect Windows OS, when Okta SAML authentication is enabled in GlobalProtect.
GPC-22028
Fixed an issue where the disconnect reason for macOS users was getting cached.
GPC-21988
Fixed an issue where the GlobalProtect Client displayed a download prompt or was updated even with an "upgrade disallow" configuration.
GPC-21960
Fixed an issue where the HIP check failed to detect the Norton anti-malware version 24.11.9615.0.
GPC-21955
Fixed an issue where the HIP notification pop-up on macOS looked different from that on Windows.
GPC-21950
Fixed an issue where the GlobalProtect connection on MacOS Sequoia 15+ was unstable.
GPC-21857
Fixed an issue where, when the GlobalProtect debug build was installed on the device, the device was immediately locked and users were unable to enter their login credentials in the Window Login screen. Users had to reboot their system to resolve this issue.
GPC-21775
Fixed an issue where GlobalProtect users on macOS were disconnected immediately after sending the HIP report.
GPC-21755
Fixed an issue where GlobalProtect users with enforcer enabled were able to access applications that were not in the enforcer exception list.
GPC-21743
Fixed an issue where a user was randomly prompted with a \"Login Successful\" message when connecting to GlobalProtect (GP), even though GP was not connected.
GPC-21737
Fixed an issue where the SAML redirection page opened up on end user
computers even though they did not have internet connectivity.
GPC-21721
Fixed an issue, where the GlobalProtect app got stuck in Connecting status when the device woke up from sleep mode.
GPC-21695
Fixed an issue where the GlobalProtect embedded browser could not utilize a new PIV certificate for SAML authentication if multiple certificates were available.
GPC-21677
Fixed an issue where GlobalProtect configured for Always-on Pre-logon may not display the captive portal page if there is a delay with network access or Internet connectivity.
GPC-21653
Fixed an issue where the GlobalProtect virtual adapter was not set up correctly.
GPC-21639
Fixed an issue where the GlobalProtect macOS client did not extend the session even though the user clicked the Extend Session button.
GPC-21636
Fixed an issue where the users were unable to login Windows 11 using the User Principal Name (UPN) when GPCP was selected with GlobalProtect app version 6.2.4 and 'Interactive logon: Don't display last signed-in' was enabled in their Entra ID - group policy.
GPC-21627
Fixed an issue where the Report an Issue feature failed to work for a specific user whose username contained Japanese character.
GPC-21615
Fixed an issue where the GlobalProtect agent (wa_3rd_party_host_64.exe) modified the __PSLockDownPolicy registry key from 4 (secure language mode) to 0 (full language mode) after a reboot.
GPC-21583
Fixed an issue where the change password message was truncated in the GlobalProtect agent UI.
GPC-21527
Fixed an issue where the firewall did not exclude the APIPA (169.254.0.0/16) range from GlobalProtect when the Endpoint Traffic Policy Enforcement feature was enabled with the exclude option. As a result, traffic to the APIPA range was sent over GlobalProtect instead of the local interface.
GPC-21482
Fixed an issue where some users were unable to connect to portal access, the PANGPA did not work as expected and multiple GlobalProtect instances were opened.
GPC-21468
Fixed an issue where HIP reports were not sent during modern standby mode.
GPC-21467
Fixed an issue where the Transparent Upgrade with Proxy only mode did not work as expected and no tunnel was established with the gateway.
GPC-21454
Fixed an issue where GlobalProtect Connect Before Logon connection allowed GlobalProtect to be disconnected on first time login.
GPC-21453
Fixed an issue where the GlobalProtect app window displayed "static" instead of the connected gateway name.
GPC-21437
Fixed an issue where users were unable to connect to Prisma Access via GlobalProtect.
GPC-21413
Fixed an issue where the GlobalProtect Credential Provider did not reset focus on the password field when the user entered the wrong password
GPC-21375
Fixed an issue where username from SAML assertion did not match the config selection criteria because the Windows SSO username was used instead of the SAML username.
GPC-21355
Fixed an issue GlobalProtect pre-logon was stuck in connecting state after a reboot.
GPC-21284
Fixed an issue where the GlobalProtect gateway did not receive the HIP reports from the user correctly due to which the end users were unable to access the resources even when the sessions were active.
GPC-21267
Fixed an issue where, when the user installed the GlobalProtectARM installer from the Customer Support Portal (CSP) and the user opened GlobalProtect using the Start menu, the icon file (PanGPA.ico) was opened instead of the executable (PanGPA.exe) file.
GPC-21240
Fixed an issue where, when the GlobalProtect app was installed on devices running macOS Sonoma 14.5, the app used the old FQDN names and got stuck in the "Connecting" status instead of prompting the user to enter the portal FQDN name.
GPC-21161
Fixed an issue where the notifications for the feature "Login Lifetime Expiration" and "Notify Before Lifetime Expires" were not displayed on the GlobalProtect client running version 6.2.4.
GPC-21131
Fixed an issue where the users were unable to access the Advanced Logging Settings screen of the GlobalProtect app using the ctrl + tab key combination on the keyboard. The screen reader did not announce the Keyboard options correctly.
GPC-21090
Fixed an issue where GlobalProtect only displayed ADEM information for approximately 120 users even though more than 600 ADEM users were connected to GlobalProtect.
GPC-21024
Fixed an issue where a HIP notification configured as "pop-up-message" for pre-logon does not show up. The pop up window is blank.
GPC-21005
Fixed an issue where after submitting the SAML credentials, a blank screen was displayed and GlobalProtect got stuck in that stage.
GPC-20992
Fixed an issue where the Teams application does not connect to the server for macOS.
GPC-20991
Fixed an issue where the Windows Registry value (ext-key-usage-oid-for-client-cert) on \HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings was deleted during the upgrade from GlobalProtect version 6.2.2 to version 6.2.4. This makes the GlobalProtect client unable to select a certificate by itself.
GPC-20977
Fixed an issue where conditional connect was not set and GlobalProtect connected to an external gateway on the internal network instead of connecting to an internal gateway on the internal network.
GPC-20813
Fixed an issue where GlobalProtect 6.3.0 on macOS was blocking multicast traffic on the local network interface.
GPC-20783
Fixed an issue where, when the embedded browser was used, the password field did not work as expected when users typed their passwords in the field. Users had to click inside the password field before entering their password.
GPC-20736
Fixed an issue where users are being logged out from GlobalProtect when the device wakes up from modern standby and network discovery happens.
GPC-20632
Fixed an issue where GLobalProtect was stuck in connecting mode after the customer manually selected a gateway that hit the maximum user limit. This was a multi-gateway environment with SAML/CAS authentication method.
GPC-20550
Fixed an issue where Zoom and Outlook apps intermittently stop connecting on macOS with an error "You are unable to connect to Zoom. Please check your network connection and try again" when the apps are excluded under both domains and applications
GPC-20514
Fixed an issue where the remote users using GlobalProtect with Connect Before Logon (CBL) were unable to reset their password when using the app with an embedded browser.
GPC-20461
Fixed an issue where the GlobalProtect agent version 6.1.4 would only establish a connection via SSL to an IPv6 gateway. The IPSec tunnel was not established or connected.
GPC-20416
Fixed an issue where there is no network discovery once the laptop came out of standby.
GPC-20386
Fixed an issue where Windows users experienced a blue screen of death issue due to a race condition between Microsoft IPSEC extension and GlobalProtect. The issue happens only when IKE extensions are enabled via IPSEC GPO on the endpoint along with GlobalProtect.
GPC-20292
Fixed an issue where the Azure VDI RDP connection disconnects when using enforcer.
GPC-20168
Fixed an issue where it was possible to do a privilege escalation and\or login bypass when using a 3rd party credential provider with GlobalProtect
GPC-18106
Fixed an issue where the GlobalProtect app intermittently did not send the HIP report to the Prisma Access gateway due to a timeout issue.