Hi All; I work with a Platinum Partner of Palo Alto Networks and I have a few tested workarounds for customers looking to keep their devolutions VPN functionality but cannot connect to Palo Alto Firewalls using the Global Protect Client.
These workarounds assume that you are comfortable installing a 3rd party VPN client or using Windows native VPN on Windows 10 and are not looking for Host Information (Licensed GlobalProtect Features) to remain as part of the connection. If you just want to connect to the VPN through devolutions and do not mind using another tool other than the GlobalProtect client which comes with the firewall...read on.
Workaround 1: Use another VPN Client. On Windows/Linux machines you can use VPNC clients to connect to Palo Alto Networks.
Step 1) Download the the VPNC client for Windows: https://sourceforge.net/projects/vpncfe/
Step 2) Configure X-AUTH for Global Protect on your firewall: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkhCAC
Step 3) Configure a custom VPN connection https://forum.devolutions.net/topic27462-how-to-setup-a-custom-command-line-for-vpn.aspx (Make sure it's custom and not generic).
Note: You will need to make sure that a VPNC configuration file is put on the systems which uses a groupname and password. You can also harden this with a certificate as well but those aren't included in the instructions.
Workaround 2: Use new IKEV2 for Windows Native VPN. This is similar to how Azure connects to the firewall and is natively supported by devolutions.
Step 1) Setup IKEV2 for Windows machines: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm6WCAS
Step 2) Connect to the firewall using IKEV2 on Windows: https://strongvpn.com/setup-windows-10-ikev2/
Step 3) Setup a "Microsoft VPN" in the devolutions wizard: https://help.remotedesktopmanager.com/index.html?vpn.htm
Things that don't work: Using Anyconnect (Cisco) to connect to Palo Alto, Scripting Global Protect or making it a custom VPN (No CLI/Powershell)
Good luck all.