T-Mobile LTE: No IPv4 addresses. IPv6 addresses only.
AT&T's LTE: Both IPv4 and IPv6 addresses.
GlobalProtect 2.X.X and 3.X.X do not support IPv6. (Current iOS version is 3.0.2.)
Impact is confined to T-Mobile LTE only at this time.
Verizon. AT&T, Sprint, etc. do not have this issue.
Based on how its working today, an educated guess says T-Mobile has an IPv6->IPv4 translation gateway where they connect the LTE network to the Internet.
For T-Mobile LTE customers, use Wifi for VPN.
IPv6 is not supported in GlobalProtect App as of today, but will be supported in a future release. Please contact your Palo Alto Networks representative for timelines and more details.
For more help
Please talk to your Palo Alto Networks Account Rep and open a support case with Palo Alto Networks about the issue if you are being impacted. For reference, use case is #00598890.
Information from devices showing no routable IPv4 addresses:
This is a widely documented problem with mobile carriers in Asia and most mobile carriers in India.
Most of the major websites that users visit are IPv6 capable, this isn't that large of an issue for daily browsing, but most carriers will use a NAT64 gateway so that you can still reach IPv4 only services. This can be an issue on GlobalProtect and most other VPN solutions unless they actually support IPv6.