paloaltonetworks:configuration:globalprotect

Differences

This shows you the differences between two versions of the page.

paloaltonetworks:configuration:globalprotect [2022/09/01 14:50] bstaffordpaloaltonetworks:configuration:globalprotect [2025/09/11 08:00] (current) – [Cookies] bstafford
Line 139: Line 139:
 <code>Computer\HKEY_CURRENT_USER\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\LastUrl</code> <code>Computer\HKEY_CURRENT_USER\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings\LastUrl</code>
 ===== Cookies ===== ===== Cookies =====
 +User related cookies are stored in the following folders.
  
-For Windows, user related cookies are stored in:+First line is for user cookies
 +Second line is for pre-logon cookies (not tied to a particular user, but to a machine)
  
-<code>C:\Users\%Username%\AppData\Local\Palo Alto Networks\GlobalProtect\</code>+**For Windows**
  
-filenames have this format: +<code>C:\Users\%Username%\AppData\Local\Palo Alto Networks\GlobalProtect\ 
-<code>PanPUAC_17c2deb6776739fbe2e40a988c921b8.dat</code>+C:\Program Files\Palo Alto Networks\GlobalProtect\</code>
  
- +**For MacOS** 
  
-For pre-logon cookies (not tied to a particular user, but to a machine), cookies can be found in: +<code>/Users/$USER/Library/Application Support/PaloAltoNetworks/GlobalProtect/ 
-<code>C:\Program Files\Palo Alto Networks\GlobalProtect\</code>+/Library/Application Support/PaloAltoNetworks/GlobalProtect/</code>
  
-filenames have this format:+**For Linux** 
 +<code>~/.GlobalProtect/ 
 +/opt/paloaltonetworks/globalprotect/</code> 
 + 
 +**Naming** 
 +User cookie filenames have this format: 
 +<code>PanPUAC_17c2deb6776739fbe2e40a988c921b8.dat</code> 
 + 
 +Pre-Login cookie filenames have this format:
 <code>PanPPAC_811c13bcd3d719c3cdf84fac1ceab29.dat</code> <code>PanPPAC_811c13bcd3d719c3cdf84fac1ceab29.dat</code>
 +
 +To delete the cookies in Windows
 +<code>del /F /Q "%LOCALAPPDATA%\Palo Alto Networks\GlobalProtect\*.dat"</code>
 +
 +or Powershell:
 +<code>$Verzeichnis = "$env:LOCALAPPDATA\Palo Alto Networks\GlobalProtect" Get-ChildItem -Path $Verzeichnis -Filter *.dat -File | Remove-Item -Force</code>
 ===== Portal Client Certificates ===== ===== Portal Client Certificates =====
 When you go to a GlobalProtect portal that requires a client certificate be selected, you used to be able to add the site (in Internet Explorer) to the list of 'trusted sites' and the browser would then remember to select the certificate. In the latest version of Edge, it seems that they have changed that. You have to import the "Edge ADMX" and put the following settings in:<code>​​​​​​​{​​​​​​​​"pattern":"https://gpportal","filter":{​​​​​​​​"ISSUER":{​​​​​​​​"CN":"ISSUER NAME"}​​​​​​​​}​​​​​​​​}​​​​​​​​</code> When you go to a GlobalProtect portal that requires a client certificate be selected, you used to be able to add the site (in Internet Explorer) to the list of 'trusted sites' and the browser would then remember to select the certificate. In the latest version of Edge, it seems that they have changed that. You have to import the "Edge ADMX" and put the following settings in:<code>​​​​​​​{​​​​​​​​"pattern":"https://gpportal","filter":{​​​​​​​​"ISSUER":{​​​​​​​​"CN":"ISSUER NAME"}​​​​​​​​}​​​​​​​​}​​​​​​​​</code>
Line 190: Line 206:
 set global-protect redirect on</code> set global-protect redirect on</code>
 If this other server doesn't force them to authenticate, you can create an authentication policy (outside>outside) to enforce this. If this other server doesn't force them to authenticate, you can create an authentication policy (outside>outside) to enforce this.
 +
 +===== Dynamic DNS =====
 +PAN-OS doesn't use external DHCP for GlobalProtect clients. If you want Dynamic DNS and don't want to use the clients, you can use syslog or HTTP using GlobalProtect events.
 +
 +( stage eq connected ) or ( stage eq logout ) and put $private_ip and $srcuser and $device_name as payload. Update Dynamic DNS using $deivce_name (possibly $hostname?) and $private_ip. Maybe add $srcuser as tag? Add timestamp as tag?
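Review bot: `$deivce_name` in the last added line is a typo for the `$device_name` used earlier in the same line, and the paragraph still carries open questions ("possibly $hostname?", "Maybe add $srcuser as tag?", "Add timestamp as tag?") that should be settled or marked as a TODO before this reads as configuration guidance. The filter matches both `connected` and `logout`, but the listed payload (`$private_ip`, `$srcuser`, `$device_name`) has no field that tells the receiver which of the two fired, and the text only says "Update Dynamic DNS"; include the stage value in the payload and state that a logout event removes the record rather than refreshing it. Put the filter expression in a `<code>` block like the other sections, and reword "don't want to use the clients", which is ambiguous about whether the clients would register themselves. Since the DNS name is taken straight from a log field, the receiving script should check it against the allowed hostname pattern before writing a record.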
paloaltonetworks/configuration/globalprotect.1662043803.txt.gz · Last modified: (external edit)