Connect Before Logon configuration is not working

Connect Before Logon configuration is not working

3937
Created On 05/05/22 15:45 PM - Last Modified 04/10/25 14:31 PM


Symptom


Connect Before Logon configuration is not working as expected

Environment


  • Palo Alto Firewalls
  • GlobalProtect App 5.2+
  • Connect Before Logon

Cause


Connect Before Logon did not work as expected due to additional configured settings that are not supported.

Resolution


  1. Connect Before Logon works before the user logs into their Windows laptop.
  2. It has limited resources and will not support the following features:
    1. Pre-logon and Pre-logon then On-demand connection methods.
    2. Platforms other than Windows.
    3. SSO credential.
    4. Save User Credentials.
    5. Customized labels for username and password.
    6. Welcome Message.
    7. Internal Gateway.
    8. Manually-only gateway or set preferred-gateway.
    9. Captive Portal.
    10. Hip Notification.
    11. Application version detection and upgrade.
    12. System default browser for SAML for GlobalProtect versions older than 6.0.4-26.
    13. HTTP proxy.
    14. Retain Connection on Smart Card Removal.

Additional Information


Connect Before Logon supports following features:

  1. Auto discovery gateway.
  2. Platforms Windows 10 and Windows 11.
  3. Authentication methods like SAML, LDAP, Radius or Smart Card.
  4. Two-factor authentication.
  5. Password update via RADIUS server.
  6. RSA passcode with all 3 types (PINPad, Fob, and PINless).
  7. System default browser for SAML for GlobalProtect versions 6.0.4-26 or higher.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OX3CAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language