https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-machine-pre-logon-coverted-into-a-user-connection/m-p/379905#M791 <P>Hi there, we are facing a weird situation with GlobalProtect pre-logon connections.</P><P>&nbsp;</P><UL><LI>We have some laptops with <STRONG>machine certificate only</STRONG> (they do not have user certificates deployed).</LI><LI>We want them to connect using this machine certificate, as "pre-logon", so they got limited/specific access to some company resources</LI><LI>They are able to establish GP VPN connection but their session is a normal user connection instead of a pre-logon connection because, somehow, the Machine Certificate value is used as if it were a user. So, in short, this is what I'm saying:<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="10.png" style="width: 1042px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29516iE87032529842832B/image-dimensions/1042x75/is-moderation-mode/true?v=v2" width="1042" height="75" role="button" title="10.png" alt="10.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="11.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29517iF58E9737FA52F796/image-dimensions/999x261/is-moderation-mode/true?v=v2" width="999" height="261" role="button" title="11.png" alt="11.png" /></span></LI></UL><P>&nbsp;</P><P>These are some useful logs I found in the Tech Support files:</P><P>&nbsp;</P><P>2021/01/14 13:23:05 info globalp GP-Por globalp 0 GlobalProtect portal client configuration generated. Login from: xxx.xxx.xxx.xxx, Source region: ES, User name: <STRONG>7836523f-2a31-4e61-8583-252ad100fc62</STRONG>, Client OS version: Microsoft Windows 10 Pro , 64-bit, Config name: <STRONG>GP-Agent-HUB01-On-Demand</STRONG>.</P><P>&nbsp;</P><P>2021/01/14 13:23:11 info globalp GP-Gat globalp 0 GlobalProtect gateway user login succeeded. Login from: xxx.xxx.xxx.xxx, Source region: ES, User name: <STRONG>7836523f-2a31-4e61-8583-252ad100fc62</STRONG>, Client OS version: Microsoft Windows 10 Pro , 64-bit.</P><P>&nbsp;</P><P>2021/01/14 13:23:11 info auth auth-su 0 <STRONG>Certificate validated for user</STRONG> '<STRONG>7836523f-2a31-4e61-8583-252ad100fc62</STRONG>'. From: xxx.xxx.xxx.xxx.</P><P>&nbsp;</P><P>2021/01/14 13:23:12 info globalp GP-Gat globalp 0 GlobalProtect gateway client configuration generated. User name: <STRONG>7836523f-2a31-4e61-8583-252ad100fc62</STRONG>, Private IP: 10.x.x.39, Client version: 5.1.3-12, Device name: <STRONG>COMMXTF47SVPGIT</STRONG>, Client OS version: Microsoft Windows 10 Pro , 64-bit, <STRONG>VPN type: Device Level VPN.</STRONG></P><P>&nbsp;</P><P>&nbsp;</P><P>And this is the GlobalProtect Portal profile they are matching as per the logs (GP-Agent-HUB01-On-Demand):</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="9.png" style="width: 449px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29504i8BFD3A72F02F8D66/image-dimensions/449x410/is-moderation-mode/true?v=v2" width="449" height="410" role="button" title="9.png" alt="9.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="8.png" style="width: 480px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29505i4FB57EE2CC404608/image-dimensions/480x413/is-moderation-mode/true?v=v2" width="480" height="413" role="button" title="8.png" alt="8.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="7.png" style="width: 486px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29507iA628539BC2AE704E/image-dimensions/486x407/is-moderation-mode/true?v=v2" width="486" height="407" role="button" title="7.png" alt="7.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="6.png" style="width: 525px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29506i9F4867A507881E88/image-dimensions/525x437/is-moderation-mode/true?v=v2" width="525" height="437" role="button" title="6.png" alt="6.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="5.png" style="width: 541px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29509i263B6C16218B22B9/image-dimensions/541x443/is-moderation-mode/true?v=v2" width="541" height="443" role="button" title="5.png" alt="5.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="4.png" style="width: 812px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29508i3DE82C98BDAA2353/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="4.png" alt="4.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="3.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29511i7A15C4A611C3B254/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="3.png" alt="3.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.png" style="width: 808px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29510i5C8D1A0D8154CBE3/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="2.png" alt="2.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.png" style="width: 810px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29512i20AF4EDD1616094B/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="1.png" alt="1.png" /></span></P> Thu, 14 Jan 2021 13:40:51 GMT MarcelST 2021-01-14T13:40:51Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-machine-pre-logon-coverted-into-a-user-connection/m-p/379905#M791 <P>Hi there, we are facing a weird situation with GlobalProtect pre-logon connections.</P><P>&nbsp;</P><UL><LI>We have some laptops with <STRONG>machine certificate only</STRONG> (they do not have user certificates deployed).</LI><LI>We want them to connect using this machine certificate, as "pre-logon", so they got limited/specific access to some company resources</LI><LI>They are able to establish GP VPN connection but their session is a normal user connection instead of a pre-logon connection because, somehow, the Machine Certificate value is used as if it were a user. So, in short, this is what I'm saying:<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="10.png" style="width: 1042px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29516iE87032529842832B/image-dimensions/1042x75/is-moderation-mode/true?v=v2" width="1042" height="75" role="button" title="10.png" alt="10.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="11.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29517iF58E9737FA52F796/image-dimensions/999x261/is-moderation-mode/true?v=v2" width="999" height="261" role="button" title="11.png" alt="11.png" /></span></LI></UL><P>&nbsp;</P><P>These are some useful logs I found in the Tech Support files:</P><P>&nbsp;</P><P>2021/01/14 13:23:05 info globalp GP-Por globalp 0 GlobalProtect portal client configuration generated. Login from: xxx.xxx.xxx.xxx, Source region: ES, User name: <STRONG>7836523f-2a31-4e61-8583-252ad100fc62</STRONG>, Client OS version: Microsoft Windows 10 Pro , 64-bit, Config name: <STRONG>GP-Agent-HUB01-On-Demand</STRONG>.</P><P>&nbsp;</P><P>2021/01/14 13:23:11 info globalp GP-Gat globalp 0 GlobalProtect gateway user login succeeded. Login from: xxx.xxx.xxx.xxx, Source region: ES, User name: <STRONG>7836523f-2a31-4e61-8583-252ad100fc62</STRONG>, Client OS version: Microsoft Windows 10 Pro , 64-bit.</P><P>&nbsp;</P><P>2021/01/14 13:23:11 info auth auth-su 0 <STRONG>Certificate validated for user</STRONG> '<STRONG>7836523f-2a31-4e61-8583-252ad100fc62</STRONG>'. From: xxx.xxx.xxx.xxx.</P><P>&nbsp;</P><P>2021/01/14 13:23:12 info globalp GP-Gat globalp 0 GlobalProtect gateway client configuration generated. User name: <STRONG>7836523f-2a31-4e61-8583-252ad100fc62</STRONG>, Private IP: 10.x.x.39, Client version: 5.1.3-12, Device name: <STRONG>COMMXTF47SVPGIT</STRONG>, Client OS version: Microsoft Windows 10 Pro , 64-bit, <STRONG>VPN type: Device Level VPN.</STRONG></P><P>&nbsp;</P><P>&nbsp;</P><P>And this is the GlobalProtect Portal profile they are matching as per the logs (GP-Agent-HUB01-On-Demand):</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="9.png" style="width: 449px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29504i8BFD3A72F02F8D66/image-dimensions/449x410/is-moderation-mode/true?v=v2" width="449" height="410" role="button" title="9.png" alt="9.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="8.png" style="width: 480px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29505i4FB57EE2CC404608/image-dimensions/480x413/is-moderation-mode/true?v=v2" width="480" height="413" role="button" title="8.png" alt="8.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="7.png" style="width: 486px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29507iA628539BC2AE704E/image-dimensions/486x407/is-moderation-mode/true?v=v2" width="486" height="407" role="button" title="7.png" alt="7.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="6.png" style="width: 525px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29506i9F4867A507881E88/image-dimensions/525x437/is-moderation-mode/true?v=v2" width="525" height="437" role="button" title="6.png" alt="6.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="5.png" style="width: 541px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29509i263B6C16218B22B9/image-dimensions/541x443/is-moderation-mode/true?v=v2" width="541" height="443" role="button" title="5.png" alt="5.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="4.png" style="width: 812px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29508i3DE82C98BDAA2353/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="4.png" alt="4.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="3.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29511i7A15C4A611C3B254/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="3.png" alt="3.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.png" style="width: 808px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29510i5C8D1A0D8154CBE3/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="2.png" alt="2.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.png" style="width: 810px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29512i20AF4EDD1616094B/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="1.png" alt="1.png" /></span></P> Thu, 14 Jan 2021 13:40:51 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-machine-pre-logon-coverted-into-a-user-connection/m-p/379905#M791 MarcelST 2021-01-14T13:40:51Z