Global Protect connection windows

Reply
L1 Bithead

Global Protect connection windows

Guys,

It's there a way to hide the windows of global protect if the user can't connect to the portal?.

I need to do this super transparent to the user, now i'm installing the client with this settings:

GlobalProtect.msi /quiet ENABLEADVANCEDVIEW="NO" SHOWAGENTICON="NO" CONNECT-METHOD="pre-logon" CANCHANGEPORTAL="NO" CANPROMPTUSERCREDENTIAL="NO" PORTAL="--portalurl--"

 

But if the user can't reach the portal a windows saying :""Could not connect to the portal" appears with a button that says "Connect", i need to hide this type of dialogs to the user.

 

Thanks for your help!!

Tags (1)
L7 Applicator

Re: Global Protect connection windows

Hi @gustavosj

 

This topic was already discussed a lot here. In some cases there are solutions and (unfortunately) in other cases there is almost no way to do everything completely transparent to the user. So lets try it this time with your situation ;) But before we recommend you something that does not apply to your environment, I kindly ask you to answer these questions:

  • Does this dialog only appears in case of connection problems or also right after the installation is complete?
  • What PAN-OS version do you have installed on your portal and gateway?
  • As you specified pre-logon, you already use certificates, right? User or client certificates?
  • What additional authentication are you using (ldap, radius, ...)?
  • You're trying to hide everything completely from the users eyes, so I assume you aren't using any multi-factor-authentication? (TOTP, SMS, ...)
  • What GP agent version do you use?
  • Does your company already have a SAML IdP infrastructure (e.g. Microsoft ADFS)?
L1 Bithead

Re: Global Protect connection windows

Dear sorry for the delay in the answer.

 

 

  • Does this dialog only appears in case of connection problems or also right after the installation is complete?

Only appears in connection problems.

 

  • What PAN-OS version do you have installed on your portal and gateway?
    8.0.4 (the last one i think)

 

  • As you specified pre-logon, you already use certificates, right? User or client certificates?

User Certificate.

 

  • What additional authentication are you using (ldap, radius, ...)?

LDAP

 

  • You're trying to hide everything completely from the users eyes, so I assume you aren't using any multi-factor-authentication? (TOTP, SMS, ...) Exactly.

 

  • What GP agent version do you use?

4.0.3

 

  • Does your company already have a SAML IdP infrastructure (e.g. Microsoft ADFS)?

Nop

 

 

Thanks!!

L7 Applicator

Re: Global Protect connection windows

Hi @gustavosj

 

So you upgraded to 4.0.3 this week as this version wasn't released when you started this topic, but anyway have you set the same MSIEXEC setting in your portal configuration?

 

Btw: Does pre logon work with user certificates as they shouldn't be available for the connection prior to login?

L1 Bithead

Re: Global Protect connection windows

Yes user logon works perfectly in pre-logon and later in user logon.

The problem is that when i lost connection or if something blocks the connection to the portal, a screen in the app is showed saying that it is not possible to connect.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!