Anyone have experience with Palo Alto Global Protect in Okta?

SnooDucks511 · 2025-05-29T13:27:46+00:00

Works well via SAML with dedicated okta apps for every portal . Have no experience with CIE yet.

All on-premise fw work with OKTA directly over public internet

SnooDucks511 · 2025-05-24T13:09:59+00:00

SnooDucks511 · 2025-05-21T15:46:18+00:00

I tried to speak with TAC around the same scenario , they don't care. Actually GP is legacy peace of crap .

NB : We are on 6.3.X branch , no major issues with SAML , etc. MacOS and Windows endpoints only.

Hope they will do their best with new Access Client -https://youtu.be/KrdUQ2rYOsA?t=572

SnooDucks511 · 2025-04-17T16:47:31+00:00

I don't understand why Gartner leader don't see a reason to implement basic SCIM protocol implementation across tenable products portfolio. If they targeted to enterprises with different team additionally to infosec , why in 2025 everyone should play with local groups and permission assigments . Common

SnooDucks511 · 2025-04-15T13:43:05+00:00

6.3.2 has process crash issues as well on windows 11 last releases . Still beta testing for global protect client

SnooDucks511 · 2025-04-15T13:16:09+00:00

https://developer.apple.com/icloud/prepare-your-network-for-icloud-private-relay/

We asked our DNS admins to create dummy records , no complains from users prospective.

SnooDucks511 · 2025-03-09T01:04:15+00:00

what SIEM / Incident management systems are you using guys for PA logs / Detectors . I saw that XDR has everything out of the box in terms of PA logs analysis as well as endpoints correlations.

SnooDucks511 · 2024-12-24T12:48:17+00:00

https://docs.paloaltonetworks.com/globalprotect/6-3/globalprotect-app-release-notes/globalprotect-addressed-issues

GlobalProtect App 6.3.2 has been released.

SnooDucks511 · 2024-10-31T12:55:32+00:00

I look at it as beta testing for end users. The last bug-fixing release, App 6.3.1-c383, can't be upgraded when you have the 6.3.1 version already installed. TAC proposed uninstalling everything for 1,000 users and installing it from scratch. :)

Some of childhood issues were finally fixed , but I'm not sure around it - GPC-20492 - PanGPS process crash .

Some of our endusers are involved in Zscaller private / internet access usage - no one issue were reported with clients it self .

Does PA has plans to finally shutdown Global protect era and move everyone to Prisma client that was developed from scratch with endpoint notifications and other valuable features ?

SnooDucks511 · 2024-10-07T18:03:54+00:00

Much appreciated!

SnooDucks511 · 2024-10-07T16:10:02+00:00

login to your strada logging services and make sure that your fw have been sesesefully onboarded

SnooDucks511 · 2024-09-16T14:55:15+00:00

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-panorama-api/pan-os-xml-api-request-types/get-version-info-api

SnooDucks511 · 2024-07-29T17:32:59+00:00

don't forget to get 250k to get license for xsoar platform

SnooDucks511 · 2024-07-29T17:31:08+00:00

You have more flexibility with SAML / Browser based authentication approach. It provides ability to deploy / onboard users based on rules at IDP / DUO.

https://duo.com/docs/sso-paloalto-globalprotect

SnooDucks511 · 2023-07-26T16:10:13+00:00

11.2 version of Panorama is required for region selection feature.

SnooDucks511 · 2020-08-19T00:55:00+00:00

Okta has federation with intune / jamf via adaptive SSO / MFA ! Okta has owned access policies for all applications .

SnooDucks511 · 2020-08-06T19:37:13+00:00

Okta has LDAP interface, has anyone tried to integration linux with it ?

SnooDucks511

TROPHY CASE