GlobalProtect Client Tries to Connect Automatically upon Reboot/Service Restart

• Upon reboot/service restart, the GP client is set to DEFAULT MODE, configured as follows::
  • user-can-save-password = True
  • on-demand = False
  • use-SSO = True
• As seen in the above condition, SSO (Single-Sign-On) will always be the first method tried by the client. This initial connection/discovery to the portal using SSO is done by the client in order to find out if the configuration is set to On-demand mode or SSO.
• If the mode is SSO, the client will connect successfully to the gateway. If the mode is found to be on-demand, the client will not proceed further and stop the connection. In On-demand mode, "connect" has to be clicked by the user manually for the client to connect to the gateway.
• If the option "user can save password" is unchecked (user-can-save-password = False) in the portal config, the initial SSO connection will not succeed and a pop-up will show up asking for the username/password to be filled.

• Upon clicking the Apply button, the initial connection will happen and the configuration will be downloaded and applied. If the config was set to SSO mode, the change will take effect in  he next session following the change.  If set to on-demand, the change will take effect immediately.

owner: mvenkatesan.