Unable to connect the GlobalProtect application while using the Rogers mobile hotspots because of IPv6

Created On 06/26/25 14:26 PM - Last Modified 11/12/25 22:39 PM


Symptom


  • When using a mobile hotspot, the device attempts to connect GlobalProtect over IPv6 and fails, although IPv4 is expected and configured on the firewall

The PanGPS logs show the following:

(P5708-T7756)Debug( 584): 05/26/25 17:20:34:807 Network is reachable
(P5708-T7756)Debug(8212): 05/26/25 17:20:34:807 Pre-login...,verifyportalcert=yes
(P5708-T7756)Debug(13781): 05/26/25 17:20:34:807 Check cert of server 2604:5580:22::xxxx:xxxx
(P5708-T7756)Debug( 930): 05/26/25 17:20:34:807 SSL connecting to 2604:5580:22::xxxx:xxxx
(P5708-T7756)Debug( 584): 05/26/25 17:20:34:831 Network is reachable
(P5708-T7756)Debug( 104): 05/26/25 17:20:39:883 connect failed with 5 seconds timeout.
(P5708-T7756)Debug( 628): 05/26/25 17:20:39:883 Failed to connect to 2604:5580:22::xxxx:xxxx on 443 with return value -1 and socket error 0(0)
(P5708-T7756)Debug( 935): 05/26/25 17:20:39:883 do_tcp_connect() failed
(P5708-T7756)Error(13828): 05/26/25 17:20:39:883 ConnectSSL: Failed to connect to '2604:5580:22::xxxx:xxxx:443'. Disconnect ssl.>>>>>>



Environment


  • Mobile network that only provides an IPv6 address
  • GlobalProtect App
  • IPv4 configured on the firewall
  • Windows


Cause


  • This is due to the DNS64 mechanism: the mobile network's DNS server converts an IPv4 address into an IPv6 address by combining it with a predefined IPv6 prefix.
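
The following Python sketch is an added example, not part of the original article: it scans PanGPS log lines for failed connects to DNS64-synthesized addresses and recovers the embedded IPv4 address so it can be compared with the portal's IPv4 address. It assumes a /96 prefix with the IPv4 address in the last 32 bits (as in RFC 6052) and treats 2604:5580:22::/96, inferred from the redacted address in the log above, as the carrier prefix; the sample log lines and the portal address 203.0.113.10 are constructed.

```python
import ipaddress
import re

# RFC 6052 well-known prefix, plus the /96 implied by the redacted address in the
# PanGPS log above (assumption: the carrier embeds the IPv4 in the low 32 bits).
NAT64_PREFIXES = [
    ipaddress.ip_network("64:ff9b::/96"),
    ipaddress.ip_network("2604:5580:22::/96"),
]
FAILED = re.compile(r"Failed to connect to (\S+) on \d+")

# Constructed sample lines in PanGPS format; all addresses below are made up.
SAMPLE_LOG = """\
(P5708-T7756)Debug( 628): 05/26/25 17:20:39:883 Failed to connect to 2604:5580:22::cb00:710a on 443 with return value -1 and socket error 0(0)
(P5708-T7756)Debug( 628): 05/26/25 17:21:02:114 Failed to connect to 2001:db8::15 on 443 with return value -1 and socket error 0(0)
(P5708-T7756)Debug( 628): 05/26/25 17:21:30:502 Failed to connect to 198.51.100.7 on 443 with return value -1 and socket error 0(0)
"""


def embedded_ipv4(addr):
    """Return the IPv4 address embedded in a DNS64-synthesized IPv6 address, else None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # redacted or malformed address
    if ip.version != 6:
        return None
    for prefix in NAT64_PREFIXES:
        if ip in prefix:
            # With a /96 prefix the IPv4 address is the low 32 bits of the IPv6 address.
            return ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)
    return None


def find_dns64_failures(log_text, portal_ipv4):
    """List (synthesized IPv6, embedded IPv4, equals portal IPv4) for failed connects."""
    portal = ipaddress.IPv4Address(portal_ipv4)
    hits = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        v4 = embedded_ipv4(m.group(1)) if m else None
        if v4 is not None:
            hits.append((m.group(1), str(v4), v4 == portal))
    return hits


if __name__ == "__main__":
    for v6, v4, same in find_dns64_failures(SAMPLE_LOG, "203.0.113.10"):
        print(f"{v6} -> {v4} (matches portal IPv4: {same})")
```

A hit whose embedded IPv4 address equals the portal's IPv4 address indicates that the client resolved the portal name through DNS64 rather than reaching a genuinely IPv6-addressed portal.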


Resolution


  1. Disable IPv6 on the client physical network interface card (NIC)

[Screenshot: disabling IPv6]

 

  2. If completely disabling IPv6 on the client physical network interface card is not possible in the customer environment, configure the client to prefer IPv4 over IPv6 by using the following registry key entries
    • Log in to your computer as an Administrator
    • Run the registry editor (regedt32.exe)
    • Add a registry key as per the screenshot below, then reboot the machine for the change to take effect
      Location: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
      Key: DisabledComponents
      Type: REG_DWORD
      Value: 0x20

[Screenshots: registry entry]



Additional Information



