How to generate cookies on GlobalProtect Portal and use cookies for Gateway Authentication

How to generate cookies on GlobalProtect Portal and use cookies for Gateway Authentication

28131
Created On 03/22/19 02:09 AM - Last Modified 03/22/19 14:42 PM


Objective
This article explains how to generate a cookie by connecting to GlobalProtect Portal and using that cookie for Gateway Authentication.

Environment
Applicable for all PAN-OS versions.

Procedure
Steps to Enable Cookie Generation on GlobalProtect Portal

1. Navigate to Network > GlobalProtect > Portals
2. Open the Portal Profile
3. Click Agent tab and click Agent Config
4. Enable "Generate cookie for authentication override"
5. Set the Cookie Lifetime per your requirement (default is 24 hours)
6. Select Certificate to Encrypt/Decrypt Cookie

(GlobalProtect Portal in Configs on Authentication Tab to enable cookie generation)
GlobalProtect Portal in Configs on Authentication Tab to enable cookie generation

Steps to Enable Cookie Acceptance in GlobalProtect Gateway

1. Navigate to Network > GlobalProtect > Gateways
2. Open the Gateway Profile
3. Click Agent tab
4. Click Client Settings and open Client Config
5. Click Authentication Override tab and enable "Accept cookie for authentication override"
6. Set the Cookie Lifetime per your requirement (default is 24 hours)
7. Select Certificate to Encrypt/Decrypt Cookie (NOTE: This certificate needs to be the same one that was selected in the Portal.)

(GlobalProtect Gateway in Configs on Authentication Override tab to accept cookie​​​​​​​)
GlobalProtect Gateway in Configs on Authentication Override tab to accept cookie


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boODCAY&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments