Global Protect Gateway communication

Sec101 — Wed, 13 Mar 2019 15:28:48 GMT

Does anyone have insights into how often the client will talk to the gateway if used only for user-id and not utilizing a tunnel? I know you can set the portal refresh time, but how often does the client actually talk to the gateway after grabbing credentials of the current user when logged in? I ask, because we are testing some 3rd party VPN clients(NOT GP) in addition to GP for user-id, and seeing some inconsistencies when changing networks wirelessly.

Re: Global Protect Gateway communication

gwesson — Wed, 13 Mar 2019 20:25:07 GMT

Strictly speaking, the client doesn't talk to the gateway if you are just using it for authentication. It only communicates with the portal to send HIP data (if licenced and configured) and user credentials. It uses TLS to do so, with whatever auth profile you set on the portal.

But you also say that you are testing 3rd party VPN clients, so it sounds like you are using a tunnel (SSL-VPN is a tunnel, even if not using IPSec). Only GlobalProtect is supported for native authentication. If you aren't using GlobalProtect, you'll need a captive portal to ensure everyone authenticates.

topic Re: Global Protect Gateway communication in General Topics

Global Protect Gateway communication

Re: Global Protect Gateway communication