Sign in Subscribe
1 min read paloalto

Install Palo Alto GlobalProtect to use default browser for SAML

There is a 'funny' situation when installing Palo Alto GlobalProtect client for RA VPN. If you are using SAML to authenticate your users, with the default installation it will use builtin browser to open SAML IdP.

Unfortunately, that doesn't work - for some reason, I'm still reading conflicting things about this.

The problem is that client picks up the configuration from the GP portal, but if it can't connect, then it can't pull the config either, right?

The only solution to this that I've found was to instruct installer to install GP application with direct instruction to disable the built-in browser and use the system default browser. It's quite easy to do:

msiexec.exe /i GlobalProtect64.msi DEFAULTBROWSER=YES

Of course, you need to position yourself in the directory where you downloaded the installer, run the command, and after that, GP will use the default browser to open SAML sessions with your IdP.

Published by:

Nenad Karlovcec

You might also like...

Sep
08

How to install PA firewall device certificate for Panorama managed devices

3 min read
Jul
01

OpenConfig plugin on Palo Alto FWs - how to delete it

1 min read
Jun
30

Configure Palo Alto Cloud Identity Engine to use Authentik as IdP

8 min read
Apr
12

Palo Alto FW can't download software with proper licensing applied

1 min read
Mar
27

Palo Alto FW IP-tagging

7 min read

Member discussion