topic Re: Internal host Detection and cookie authentication override on portal/gateway in GlobalProtect Discussions

Internal host Detection and cookie authentication override on portal/gateway

JoyLiu0331 — Sun, 01 Dec 2024 11:10:04 GMT

Hello,

I configured prisma access with GP Portal + External gateway and pre-logon always-on with Enforced Global protect Connection for Network Access, and also enable Internal host detection and cookie authentication override on both portal/gateway.

I have a question about process priority of IHD and cookie authentication override when user login windows pc?

The IHD will be processing first? or portal/gateway authentication do first? if client is on internal network.

If IHD is done first when client always work on internal network, does it mean the client will never need to do authenticate for gp portal and gateway.

Thanks.

Joy Liu

Re: Internal host Detection and cookie authentication override on portal/gateway

JayGolf — Wed, 04 Dec 2024 02:49:38 GMT

Hi @JoyLiu0331 ,

When a user logs in, Internal Host Detection runs first. If the client detects it’s on the internal network (like at the office), it skips connecting to the GP portal or gw. no authentication needed.

If the client is on an external network or IHD doesn’t succeed, that’s when the portal and gw auth kick in. In this case, the cookie auth override helps by skipping repeated logins.

So, if the user is always on the internal network and IHD works, they won’t need to authenticate to the GP portal or gateway at all.

Hope that clears it up!