cancel
Showing results for 
Search instead for 
Did you mean: 

Global Protect on Mac's

cmaulding
New Contributor II

So we have the agent deployed out to our widows and Macs in our environment. We have followed the Best practice guides for bypassing the VPN traffic with Netskope but we are still having issues connecting to the VPN on the Mac's. Anyone else run into this issue? 

1 ACCEPTED SOLUTION

@cmaulding the bug in Big Sur GP client is not address until 5.2.5.  I have verified that on 5.2.5-66 things are running just fine.

View solution in original post

15 REPLIES 15

bob
Moderator
Moderator

@cmaulding To confirm, when you have the Netskope Client enabled, your VPN will not connect to its intended destination?  Can you share what type of VPN and also, are you using the Client for Netskope Private Access or CASB/SWG or both?

 

cmaulding
New Contributor II

Hey Bob that is correct. We are using the PaloAlto Global protect, and we are using it for SWG/CASB and NPA. Currently. We have the agent on Windows Machine with the global Protect VPN and those were just fine. It is only the Mac's that do not work. 

Hi @cmaulding are you running on Catalina?  If so there is a PAN bug with Catalina and GlobalProtect, where split-tunneled domains/IPs are not functioning when running GlobalProtect 5.1 or 5.2.

You can read more on PAN's website: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBqECAW&lang=en_US%E2%80%A...

cmaulding
New Contributor II

Hey @bob

We are actually running on macOS 11.3.1 BigSur and having the same issue. 

@cmaulding feel free to send me a private message here and we can take a look at this together.  Can you also please confirm the version of GP client you're running?

cmaulding
New Contributor II

@mkoyfman we are running GP 5.2.3-22 and I sent you an email per the private message. I appreciate your help. 

@cmaulding the bug in Big Sur GP client is not address until 5.2.5.  I have verified that on 5.2.5-66 things are running just fine.

View solution in original post

cmaulding
New Contributor II

@mkoyfman I have upgraded to the latest client version 5.2.6-87. Now I am able to get the VPN to connect but as soon as it does the Netskope agent goes Red. Disconnect the VPN and it comes back online.  Would this have to do with the bypass configuration that I mentioned before? 

I have this same exact issue on Windows machines.  The guidance for adding split tunneling via IP addresses have been done as well.  

On Windows, we are experiencing the same exact issue where when we connect to VPN, the Netskope agent goes red and then a disconnect/reconnect fixes the issue for a period of time.  It's very intermittent.  I have a ticket opened with Netskope Support but no clear fix.
GP Version:  5.2.6

@ddrake DM me the case number and I will take a look into what's going on there.

We had this exact same issue. I had to add the addresses of our GlobalProtect gateways into a Network Location group. I then added that group as an exception in our Steering Configuration. After that, everything was stable.

thanks for sharing, @jeremywc . @ddrake did you also read and follow this article? https://support.netskope.com/hc/en-us/articles/360023155053-Best-Practice-for-coexistence-of-Netskop...

 

This is what @jeremywc is talking about

Also confirmed that 5.2.6.-87 works fine.

Sorry @mkoyfman  - I apparently don't get notifications on comments I make.  I'll DM you the ticket number.

cshernaman
Community Manager
Community Manager

Hey there @ddrake! Normally you would receive notifications on comments if you were the original conversation author, but in this case, if you are interested in a conversation you can subscribe to the RSS Feed to receive email updates on further comments.

 

Check out our resource on Subscribing to Community Boards & Labels, if you ever have any questions or need help please reach out to me directly!

 

Happy posting! 🖖

Much appreciated,
Chris

Chris Shernaman
Online Community Manager