GlobalProtect
Resolve FIPS-CC Mode Issues
Table of Contents
Expand All
|
Collapse All
GlobalProtect Docs
-
9.1 (EoL)
- 10.1 & Later
- 9.1 (EoL)
-
-
-
- Deploy App Settings in the Windows Registry
- Deploy App Settings from Msiexec
- Deploy Scripts Using the Windows Registry
- Deploy Scripts Using Msiexec
- SSO Wrapping for Third-Party Credential Providers on Windows Endpoints
- Enable SSO Wrapping for Third-Party Credentials with the Windows Registry
- Enable SSO Wrapping for Third-Party Credentials with the Windows Installer
-
- Mobile Device Management Overview
- Set Up the MDM Integration With GlobalProtect
- Qualified MDM Vendors
-
- Remote Access VPN (Authentication Profile)
- Remote Access VPN (Certificate Profile)
- Remote Access VPN with Two-Factor Authentication
- Always On VPN Configuration
- Remote Access VPN with Pre-Logon
- GlobalProtect Multiple Gateway Configuration
- GlobalProtect for Internal HIP Checking and User-Based Access
- Mixed Internal and External Gateway Configuration
- Captive Portal and Enforce GlobalProtect for Network Access
-
-
- End User Experience
- Management and Logging in Panorama
-
- View a Graphical Display of GlobalProtect User Activity in PAN-OS
- View All GlobalProtect Logs on a Dedicated Page in PAN-OS
- Event Descriptions for the GlobalProtect Logs in PAN-OS
- Filter GlobalProtect Logs for Gateway Latency in PAN-OS
- Restrict Access to GlobalProtect Logs in PAN-OS
- Forward GlobalProtect Logs to an External Service in PAN-OS
- Configure Custom Reports for GlobalProtect in PAN-OS
- Monitoring and High Availability
-
- About GlobalProtect Cipher Selection
- Cipher Exchange Between the GlobalProtect App and Gateway
-
- Reference: GlobalProtect App Cryptographic Functions
-
- Reference: TLS Ciphers Supported by GlobalProtect Apps on macOS Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Windows 10 Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Windows 7 Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Android 6.0.1 Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on iOS 10.2.1 Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Chromebooks
- Ciphers Used to Set Up IPsec Tunnels
- SSL APIs
-
6.3
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
-
- Download and Install the GlobalProtect App for Windows
- Use Connect Before Logon
- Use Single Sign-On for Smart Card Authentication
- Use the GlobalProtect App for Windows
- Report an Issue From the GlobalProtect App for Windows
- Disconnect the GlobalProtect App for Windows
- Uninstall the GlobalProtect App for Windows
- Fix a Microsoft Installer Conflict
-
- Download and Install the GlobalProtect App for macOS
- Use the GlobalProtect App for macOS
- Report an Issue From the GlobalProtect App for macOS
- Disconnect the GlobalProtect App for macOS
- Uninstall the GlobalProtect App for macOS
- Remove the GlobalProtect Enforcer Kernel Extension
- Enable the GlobalProtect App for macOS to Use Client Certificates for Authentication
-
6.1
- 6.1
- 6.0
- 5.1
-
6.3
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
End-of-Life (EoL)
Resolve FIPS-CC Mode Issues
View possible FIPS-CC mode issues and the corresponding
solutions.
The following table describes possible
FIPS-CC mode issues and the corresponding solutions. If you encounter
any issues that are not described below, please contact your GlobalProtect™
administrator for troubleshooting assistance.
Issue | Description | Solution |
---|---|---|
The GlobalProtect app fails to initialize
in FIPS-CC mode due to a FIPS power-on self-test or integrity test failure. | After you enable FIPS-CC mode, the GlobalProtect
app performs FIPS power-on self-tests and integrity tests during
app initialization and system or app reboots. If either of these
tests fail, the GlobalProtect app is disabled and the About window
displays the FIPS-CC Mode Failed error
message: ![]() ![]() | Restart the app to clear the error condition.
If the issue persists, uninstall and then reinstall the app. |
The GlobalProtect app is unable to establish
a connection in FIPS-CC mode due to a FIPS conditional self-test failure. | After the GlobalProtect app initializes
in FIPS-CC mode, it performs FIPS conditional self-tests. If the
self-tests fail, the GlobalProtect app terminates the session and remains
disconnected. | To establish a GlobalProtect connection,
you must re-authenticate to the GlobalProtect portal. |
If GlobalProtect is unable to initialize or connect in
FIPS-CC mode, you can access the Troubleshooting tab
of the GlobalProtect Settings panel to view and collect logs for
troubleshooting. All other tabs are unavailable until GlobalProtect
connects successfully.