https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/436349#M96255 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/181759">@Ben-Price</a>,</P><P>If you allow authentication override it would bypass the device check that you have configured because it's just accepting the cookie and not performing the rest of the authentication process that would actually look at the device/custom checks that you have configured.&nbsp;</P> Fri, 24 Sep 2021 01:55:37 GMT BPry 2021-09-24T01:55:37Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/436073#M96228 <P>Hi All,</P><P>&nbsp;</P><P>A client recently updated to PAN OS 10.1.2 and is now receiving the below warning upon commit.&nbsp;</P><P>&nbsp;</P><P>2021-09-19 12:18:46.350 +1000 client sslvpn reported warning: Portal config 'GP_VPN': Authentication Override and Config Seletcion Criteria -&gt; Device Checks/Custom Checks are both configured, Authentication Override will be disabled.<BR />(Module: sslvpn)</P><P>&nbsp;</P><P>I am just trying to understand why they are receiving this warning. Is GP portal authentication override and device/custom checks not able to be configured at the same time?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BenPrice_0-1632382640904.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/36576i80096FA3DB6D521F/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="BenPrice_0-1632382640904.png" alt="BenPrice_0-1632382640904.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BenPrice_2-1632382763240.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/36578iE8FB1139810AA0AB/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="BenPrice_2-1632382763240.png" alt="BenPrice_2-1632382763240.png" /></span></P><P>&nbsp;</P><P>Thanks in advance.</P> Thu, 23 Sep 2021 07:40:00 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/436073#M96228 Ben-Price 2021-09-23T07:40:00Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/436349#M96255 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/181759">@Ben-Price</a>,</P><P>If you allow authentication override it would bypass the device check that you have configured because it's just accepting the cookie and not performing the rest of the authentication process that would actually look at the device/custom checks that you have configured.&nbsp;</P> Fri, 24 Sep 2021 01:55:37 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/436349#M96255 BPry 2021-09-24T01:55:37Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/436354#M96257 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a>&nbsp;thanks for that, makes sense.</P> Fri, 24 Sep 2021 02:28:55 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/436354#M96257 Ben-Price 2021-09-24T02:28:55Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/528840#M109183 <P>Sorry to drag up an old thread but I just started getting this error having enabled the cookie creation on the Portal and allowing the override on the Gateway.</P> <P>&nbsp;</P> <P>The device check I have on the Portal is making sure I have a machine certificate in place, the system is a domain system.&nbsp; Despite this error the cookie allows only one round of authentication whereas we were experiencing two rounds of authentication before making the cookie additions.</P> <P>&nbsp;</P> <P>Is the a bug?</P> Fri, 27 Jan 2023 08:51:36 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/528840#M109183 WilliamD 2023-01-27T08:51:36Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/1205186#M122997 <P>We use exactly this configuration : device check for selecting the config with domain registry key, and cookie generation in order to pass this cookie to the gateway. We are not bypassing the authentication in the portal, we only generate the cookie.</P> <P>&nbsp;</P> <P>I have the same warning, but this configuration seems to work as expected.</P> <P>&nbsp;</P> <P>PanOS 11.1.6.</P> Thu, 23 Jan 2025 14:04:54 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-warning-message-upon-commit/m-p/1205186#M122997 A2SR 2025-01-23T14:04:54Z