GlobalProtect users are identified with domain '(null)' when using authenticated cookie

• The globalprotect users are identified as '(null)\username' instead of expected domain prefix or '(empty-domain)', which causes the user traffic to hit the deny rule
• The issue happens only when the Portal cookie is enabled and gateway cookie is not enabled.

> show user ip-user-mapping all
IP                                            Vsys                From    User                             Connected GW IP           IdleTimeout(s) MaxTimeout(s)
--------------------------------------------- ------------------- ------- -------------------------------- ------------------------- -------------- -------------
x.x.x.x                                   vsys1               GP      (null)\user1                  y.y.y.y           10359          10359

• GlobalProtect with authentication cookie enabled on Portal
• Prisma Access
• PAN-OS 10.0.8

Software Defect PAN-184291.

1. As a workaround, Disable cookie generation on GP Portal or Generate cookie on the GP Gateway.
2. For fix, Upgrade to PAN-OS 10.0.11 or 10.1.6 or higher which resolves PAN-184291.

• To disable cookie on Portal:
• GUI: Network > GlobalProtect > Portals > GlobalProtecct_Portal > Agent > Configs > Authentication > and Uncheck 'Generate cookie for authentication override'
•  How to generate cookies on GlobalProtect Portal and use cookies for Gateway Authentication