Global Protect PreLogon question

Reply
L2 Linker

Global Protect PreLogon question

Hi All,

 

I am testing a build for Global Protect PreLogon which I have working to a degree.

 

When I log in for the first time I successfully connect to GP using machine cert. When I log out, it switches to the prelogon state.

 

When I reboot or boot the laptop, Global Protect is disconnected. Is there a way I can make GP connect as soon as the wireless interface comes up so it is in the prelogon state? All else looks good apart from that.

 

Using PA software 8.1.11 and GP 5.0.5

 

Regards

 

Adrian

L0 Member

Re: Global Protect PreLogon question

Adrian,

 

I was able to find this .doc. Not sure if this is what you are looking for but hopefully it starts us off in the right direction.

 

https://docs.paloaltonetworks.com/globalprotect/7-1/globalprotect-admin/globalprotect-quick-configs/...

 

Thanks,

 

William

L2 Linker

Re: Global Protect PreLogon question

I am still having a problem with pre-logon in the mornings, but it is connecting after a logout or reboot. One of the things that you may need to look at is the authentication for your pre-logon. If you have the client certificate as required, that may be part of the problem ( I am speculating). I have that set to none and pre-logon works for me after a logout and reboot, just not after a night with the computer off, booting in the morning.

 

Also, I am sure you have them right, but I messed that up the first time setting it up. Do you have the pre-logon agent config as the first config?

 

I am still chasing my demon related to the initial boot of the day, and hope that someone else responds to the thread and has the magic answer, but I wanted to try and help since we are chasing similar issues.

 

Bruce.

 


Bruce.

Learn at least one new thing every day.
L2 Linker

Re: Global Protect PreLogon question

What OS are you running on your clients? Are you positive WiFi has connected after a reboot?  Windows 7, for example, isn't going to connect to WiFi until a user logs in, while Windows 10 will.

Also, what are you settings Under PortalName > Agent > Pre-LogonConfigName > Authentication?  In my experience, if you have any of the options to save user credentials, generate cookie, or accept cookie enabled for the pre-logon user, it actually creates a lot of pre-logon connection failures.

L2 Linker

Re: Global Protect PreLogon question

My issue was resolved with a weekend of checks.

 

We found that the registry setting for PreLogon was changing and we had to change it back to a DWORD of 1, reboot and then prelogon on boot would work. We don't know why it is doing this but we have generated a group policy that checks the registry setting to ensure that it is correctly set.

 

I found that the laptop was sending messages for prelogon connection to the Palo Alto but it would never connect. Logging in would see Globalprotect connect and log off would see it switch to Prelogon mode. This lead me to believe the solution was working and lead to the investigation of the laptop settings. Since we have rectified this issue the problem has not resurrected itself.

 

Regards

 

Adrian

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!