GP GlobalProtect Client Tries to Connect Automatically upon Reboot/Service Restart

Created On 09/25/18 20:34 PM - Last Modified 06/13/20 02:14 AM


Symptom
The GlobalProtect client tries to connect automatically upon reboot/restart even if configured for on-demand mode.

Resolution
  • Upon reboot/service restart, the GP client is set to DEFAULT MODE, which is configured as follows:
    • user-can-save-password = True
    • on-demand = False
    • use-SSO = True
  • Given these defaults, SSO is always the first method the client tries. The client makes this initial connection/discovery to the portal using SSO in order to find out whether the configuration is set to on-demand mode or SSO.
  • If the mode is SSO, the client connects successfully to the gateway. If the mode is found to be on-demand, the client does not proceed further and stops the connection. In on-demand mode, the user has to click "Connect" manually for the client to connect to the gateway.
  • If the option "user can save password" is unchecked (user-can-save-password = False) in the portal config, the initial SSO connection will not succeed and a pop-up will show up asking for the username/password to be filled.

 

Snapshot of the default App settings for the Portals

  • Upon clicking the Apply button, the initial connection happens and the configuration is downloaded and applied. If the config was set to SSO mode, the change takes effect in the next session following the change. If set to on-demand, the change takes effect immediately.
 

owner: mvenkatesan.


