User machines on Global Protect Client are able to be port scanned
Created On 11/07/23 18:37 PM - Last Modified 10/27/25 21:10 PM
Symptom
- The customer has user machines running the GlobalProtect client while working from home. The users discovered that they can run a port scan against their public home IP address, and the endpoint replies and acknowledges open ports.
Environment
- All GlobalProtect client versions.
- All PAN-OS versions.
Cause
- The observed behavior is a result of the absence of restrictions on inbound traffic to the Windows endpoint: with no inbound restriction in place, services listening on the endpoint remain reachable over its physical adapter even while the GlobalProtect tunnel is up.
Resolution
- Configure endpoint traffic policy enforcement, which uses the physical adapter on the remote endpoint to block malicious inbound connections. This configuration is intended to prevent users from accessing unauthorized applications or resources once the GlobalProtect tunnel is established. Please consult the following link: https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement
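The following audit script is an added example, not Palo Alto Networks code, for confirming the cause described above on an affected endpoint: it reports each Windows Firewall profile's default inbound action, the TCP services listening on every address (and therefore reachable through the physical adapter), and which physical adapters are up. It assumes a Windows 10/11 endpoint with the built-in NetSecurity, NetTCPIP and NetAdapter modules and an elevated PowerShell session; the function name is an assumption.

```powershell
# Added audit check, not Palo Alto Networks code. Assumes Windows 10/11 with the built-in
# NetSecurity, NetTCPIP and NetAdapter modules, run from an elevated PowerShell session.
function Get-InboundExposureReport {
    # Per-profile firewall state: a disabled profile, or DefaultInboundAction = Allow,
    # means nothing stops a connection arriving on the physical adapter from reaching
    # a listening service on this endpoint.
    $profiles = Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Profile = $_.Name
            Enabled = $_.Enabled
            Inbound = $_.DefaultInboundAction
            Exposed = (-not $_.Enabled) -or ($_.DefaultInboundAction -eq 'Allow')
        }
    }

    # Listening TCP sockets bound to the wildcard address (0.0.0.0 or ::) answer on the
    # physical adapter as well as on the tunnel adapter; sockets bound to 127.0.0.1 do not.
    $listeners = Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalAddress -in @('0.0.0.0', '::') } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port    = $_.LocalPort
                Address = $_.LocalAddress
                Process = if ($proc) { $proc.ProcessName } else { "pid $($_.OwningProcess)" }
            }
        } | Sort-Object Port -Unique

    # Physical (non-virtual) adapters that are up; these carry the home-network traffic
    # that endpoint traffic policy enforcement is meant to restrict.
    $physical = Get-NetAdapter |
        Where-Object { -not $_.Virtual -and $_.Status -eq 'Up' } |
        Select-Object Name, InterfaceDescription

    [pscustomobject]@{
        FirewallProfiles  = $profiles
        WildcardListeners = $listeners
        PhysicalAdapters  = $physical
    }
}

$report = Get-InboundExposureReport
$report.FirewallProfiles  | Format-Table -AutoSize
$report.WildcardListeners | Format-Table -AutoSize
$report.PhysicalAdapters  | Format-Table -AutoSize
```

Any profile reported as Exposed together with a non-empty WildcardListeners table reproduces the symptom above; re-running the script after applying the resolution gives a before/after comparison for the same endpoint.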