How to add multiple portal for connect before logon
9535
Created On 04/25/23 08:30 AM - Last Modified 07/15/23 03:25 AM
Objective
- To Provide a way to connect to GlobalProtect VPN using user credentials even before the user logs into the windows .
- To allow users to select portal from the multiple portal addresses while using Connect Before Logon.
Environment
- Palo Alto Firewalls
- GlobalProtect Agent 5.2 and above.
- Windows 10 and later
- Connect Before Logon
Procedure
- If the portal address is not configured under PanSetup Registry or CBL Registry, the user has to manually type the portal address after clicking on Network Sign-In.
- If configured, Connect Before Logon will use the default portal address or name in the Windows Registry (HKEY_LOCAL_MACHINE\SOFTWARE\PaloAlto Networks\GlobalProtect\PanSetup with key Portal).
- By default only one portal will be displayed to the end-user when they click on Network Sign-In.
- One can configure additional portal addresses or names that needs to be displayd in the Portal drop-down by changing the registry keys on the end user Windows endpoints.
- Upto five portal addresses or names can be added. Change the Windows registry on the end users’ Windows endpoints before you can define the portal addresses or names.
Steps:
---------
- Open the Windows Registry Editor and enter regedit on the command prompt.
- Select EditNewString Value to create a registry entry for each portal that you want to add.(check screenshot)
In example above, two portal addresses are defined.
Portal1: gp.bantu.lab
Portal2: gp2.bantu.lab
Portal2: gp2.bantu.lab
- Once configured in the registry the end user can choose from the list of portals after clicking Network Sign-In.
Additional Information
Deploy Connect Before Logon Settings In The Windows Registry