GlobalProtect Connects With Old Password Even After A Password Change

3472

Created On 12/09/20 00:53 AM - Last Modified 02/05/25 21:31 PM

Authentication Profile

Directory Sync Service

Directory Sync Service agent

GlobalProtect Agent

GlobalProtect App

GlobalProtect Gateway

GlobalProtect Portal

Group Mapping

IPSec

LDAP

User-ID agent

User Mapping

Authentication

Hardware

Initial Configuration

User-ID

VPNs

Remote Networks

GlobalProtect

Hardware

PAN-OS

VM-Series

Symptom

A user changes password and logs into machine with new password.
The password syncs to Active Directory/LDAP
End user then connects to GlobalProtect but the user is not prompted for password.

Environment

All versions of PAN-OS
GlobalProtect
Always-on connect method
LDAP or RADIUS authentication
NGFW Hardware/VM-Series
The option 'Save User Credential' is set to 'Yes'

Cause

If the portal and gateway agents use cookie for authentication override, the user is not prompted for the new password until the cookie expires. Further, the client continues to use this cookie for authentication until lifetime expiry.

Resolution

The user can log out of the GlobalProtect client and reconnect.
Pre-logon with machine certificate authentication can be considered for additional security.

GlobalProtect Connects With Old Password Even After A Password Change

Symptom

Environment

Cause

Resolution

Other users also viewed: