auth override cookie in Globalprotect

JimMcGrady — Tue, 02 Jun 2026 05:55:51 GMT

The clients that connect to our PanOS 11.1 GP gateway are Windows 11 corporate domain members. Currently, GP rarely prompts for a user auth. I gather it uses SAML from the users Windows login.

Our gateway has generate and accept cookie for authentication override set to yes. If i was to disable these, what would the effect be?

Re: auth override cookie in Globalprotect

reaper — Wed, 03 Jun 2026 21:34:42 GMT

without the cookies the users will need to authenticate every time they make a connection. depending on the SAML conditional access, the authentication may remain valid for an amount of time, or they will need to re-authenticate for _every_ connection (hopping to a new wifi SSID may already be enough to trigger a re-auth with a very strict conditional access)

if both portal and gateway are set to not use cookies, users will also need to authenticate twice, once for the portal and once for the gateway

topic Re: auth override cookie in Globalprotect in GlobalProtect Discussions

auth override cookie in Globalprotect

Re: auth override cookie in Globalprotect