GlobalProtect Portal Config Not Updating After RefreshConfigInterval Expires

• GlobalProtect Portal config is not updating when GlobalProtect Client remains connected through expiration of RefreshConfigInterval (24 hour default).
• Manual intervention of 'Refresh Configuration' or reboot is needed to update the Portal Config.

*GlobalProtect

• Auth Override Cookie has not been implemented.
• GlobalProtect cannot prompt user for authentication as auto refresh config is designed to be silent.
• GlobalProtect  can only reply on auth override cookie to do Portal config refresh.
• In this case, auth override cookie is empty for the user and Portal authentication failed with empty password.
  

  (P10612-T12088)Debug(10505): 05/13/25 17:18:53:298 ----Portal Login starts---- (P10612-T12088)Debug(2841): 05/13/25 17:18:53:331 Unserialized empty cookie for portal xxx.domain.com and user username%40domain.com (P10612-T12088)Debug(3381): 05/13/25 17:18:53:744 Auth failed empty password for portal (P10612-T12088)Debug(10961): 05/13/25 17:18:53:744 Portal config is NULL. (P10612-T12088)Debug(9523): 05/13/25 17:18:53:744 Return false for saml/cas auth (P10612-T12088)Error(10995): 05/13/25 17:18:53:754 ProcessPortalLogin failed -2

• Configure GP Gateway to 'Generate cookie for authentication override'. You will also need to generate/import an SSL certificate to use for encrypt/decrypt of the cookie.

• Configure GP Portal to 'Accept cookie for authentication override'. Select the SSL certificate to use for encrypt/decrypt of the cookie.
  

• GlobalProtect Cookie Authentication on the Portal or Gateway

https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-user-authentication/how-does-the-app-know-what-credentials-to-supply/cookie-authentication-on-the-portal-or-gateway