Network technologies and trends

Feb 7 2017   9:13AM GMT

Apple iOS 10.2.1 and Palo Alto Global Protect issues

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Tags:
"Apple Store"
Apple
GATEWAY
IOS
Palo Alto Networks

The recent Apple iOS 10.2.1 update has created an issue with Palo Alto global protect agent for iOS devices. Its been observed that the Palo Alto Global Protect client hangs and never opens. The only way one could open a Global Protect client is uninstall and reinstall it. Once the client is reinstalled it opens for first time and its gives an opportunity to enter Server details and login credentials. Once those details are entered, again the same issue occurs. Always the Global Protect client fails to open.

This situation holds good only when the an Apple device is upgraded to an iOS version 10.2.1 and the Global Protect portal is using a self-sign certificate.

The only way to overcome this issue, is to use a valid trusted certificate issued by trusted CA. Once a valid CA certificate is installed the issue will be resolved. However one has to delete the Global Protect Client and reinstall it from an Apple store as the certificate is automatically binded with an app and it cannot be revoked.

There is one more catch as one cannot use wild card certificates with Global Protect portal, often one will see an error ” Gateway xxxxx.com: Server certificate verification failed”. Its always recommended to use a specific certificate which includes the hostname (dns name) in the Subject Alternative Name (SAN) attribute, it should also match the Common Name of the certificate).

figure-1-1-global-protect-server-certificate-veri

 

Its been observed the recent iOS upgrade has also impacted Microsoft Active Sync as well, unconfirmed sources says Apple is aware of this  issue and they are expected to issue a fix in next iOS updates.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: