Been trying to look around about how to do this but not finding anything. So we are moving from AnyConnect to Global Protect. The transition has been fairly smooth but ran into a unique issue yesterday.
We have a small number of user's who are remote who can't come into the office and they are getting a new laptop shipped to them. In the past they were able to use AnyConnect to log into the VPN before logging into the PC because they didn't have any cached credentials. How do I set up the same thing in global protect?
Solved! Go to Solution.
if you configure GlobalProtect for "prelogon", it creates a tunnel based on the machine certificate before the user has logged on
Does that pre-logon tunnel connect on a newly imaged machine?
I thought the user had to log in first to get that to work.
at the pre-logon stage the user has not logged into windows yet so is unknown
GP runs in the background and authenticates using an installed machine certificate as an 'unknown user' so it is connected to your infrastructure so your user can log on
cookie-enabled prelogon is also an option, but that does require the user to have logged on once before it will start working:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!