We have implimented Global Protect with radius authentication, username/password and a second prompt for OTP, this works great most of the time.
We have noticed that when our users connect from poor WiFi, or internet connections, there are times where connections drops out momentairly. This results in Global Protect disconnecting. The user then needs to re-authenticate. This is challeneging since our last remote access solution relied on certificates, which automatically re-authenticated without the users involvment. Is there a timer in Global Protect to buid some tolerance into the VPN connection before it disconnects? Any other workaround to solve this issue?
If the internet connect drops then the global protect will surely disconnect. It is like if we login into some bank website and if we disconnect and connect back the bank website will throw ssl error.
I see what you're saying, but from a usability standpoint, their must be some tolerance for poor connections. Imagine working, and every 10 mins or less you need to reconnect. It's one thing from home where you can work towards improving your connection, but when you are on the go and have no control of the hotel WiFi etc.
Is OTP requirement?
Maybe you can go with password and client certificate (that you enroll with your AD certificate server).
In this case even if password gets loose then client side certificate will keep bad guys out.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!