topic Re: Is Palo Alto Globalprotect Always On mode possible only for the portal? in General Topics

Is Palo Alto Globalprotect Always On mode possible only for the portal?

nikoolayy1 — Thu, 15 Apr 2021 18:38:12 GMT

Hello to All,

Is it possible to set the Globalprotect Always-ON mode enable Single Sign On, so that the user automatically logs into the portal but after that the user to need to authenticate to the gateway?

The idea is that for the portal and gateway different authentication methods are used and the gateway authentication method does not use the Windows credentials. This why also the cookie override option is not used.

I currently don't have a test firawall to test such setup with the Always-ON mode.

Re: Is Palo Alto Globalprotect Always On mode possible only for the portal?

Mick_Ball — Fri, 16 Apr 2021 12:43:45 GMT

I would assume that if you have different auths for portal and gateway then the user should be auto prompted for the gateway credentials by default, are you not seeing this,,, what is your gateway auth method?

Re: Is Palo Alto Globalprotect Always On mode possible only for the portal?

reaper — Thu, 22 Apr 2021 07:27:20 GMT

you can use cookies (set to a long expiration) to always be authenticated to the portal, but use regular authentication for the gateway