
Global Protect on Catalina not displaying DUO Auth page

mbrancy
New Contributor

We moved the federated domain name to our Netskope tenant SSL bypass instead of the client steering, but when we did that it broke the Catalina Macs getting to VPN. We are now getting a black page. Please see screenshot.

 

Has anyone seen this?

5 REPLIES

sshiflett
Netskope

Good afternoon!  Is this only impacting Catalina Macs?  What happens if you try to go to that federated domain in the browser rather than the Global Protect client?  Do you happen to have the Netskope client logs or a packet capture?  


Sam Shiflett
Netskope Sales Engineer - North Florida

Good morning! Thanks so much for answering. Yes, this is only affecting Catalina.  If I go to the federated domain in a browser I get a 403 - forbidden. I have attached the client logs and a packet capture. 

 

mkoyfman
Netskope

So the issue is specific to Duo?  What was working before, what is the "federated domain" in your context, and would be good to exactly understand the changes you made.  You don't have to give the real domain, feel free to obfuscate, but knowing what worked and what you did to break it would be helpful.

 

At the same time, would be good to verify that our Best Practices for co-existence were followed: https://support.netskope.com/hc/en-us/articles/360023155053-Best-Practice-for-coexistence-of-Netskop...

 

No, the issue is specific to Catalina. I had our federated domain in the client steering exception to bypass. I need to move that to the tenant level because I need to whitelist the Netskope IPs at our SaaS vendors. When I did that, Catalina users were not able to get to Global Protect (VPN). They just get a black Global Protect screen. I'm aware of the best practices and will be implementing split tunneling but really don't think that is my issue here. Windows and Mojave (Mac) were fine with my change.