Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

L1 Bithead

Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

I've deployed GlobalProtect 4.0.3-31 to my lab machines.  When I log in, I get notifications that GlobalProtect is connecting, and then that it is not connected.  I'm not panicked because my portal is not available from my internal network.  Will switching to an On-Demand configuration make these notifications go away?

L4 Transporter

Re: Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

@John_Trask

On demand will keep the GP client from logging in automatically, the user will have to open up the client and choose to logon and get connected

L6 Presenter

Re: Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

@jdprovine has answered your question, but can i ask, why have you installed GP to lab devices if not needed.

 

just curious....

 

 

L6 Presenter

Re: Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

Excuse the brevity of my previous post.

had to pop out..

i was going to suggest internal host detection for globalprotect but as in a lab enviroment this may not be possible.

 

L1 Bithead

Re: Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

That's the behavior I want, but will it eliminate the icon in the system tray reporting an error (not connected)?  My users will go bonkers if they see that.

L1 Bithead

Re: Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

It's not that the lab machines don't need it, none of my computers will need it when they're connected to the corporate network.  This is strictly to allow corporate-owned computers to connect to our network when they're out in the wild.

L6 Presenter

Re: Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

@John_Trask

 

if you configure "internal host detection" in the globalprotect app config on the PA, the user icon will just change to a little house, no errors....

 

its under network/portals/agent/config/gateways

 

just choose an internal host and its relevant IP address... bingo.  we use it for our always on config.

 

please note that users will need to connect to the portal to get the new config.

L6 Presenter

Re: Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

pics belowinthostdet.pnggphome.png

L6 Presenter

Re: Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

also...

 

we allow access to the portal from our LAN.

only so that users can get the latest config whilst connected to the LAN.

 

we have 4,500 users with "always on" and "internal host detection" and have had no issues... works well..... 

 

the internal host option will prevent them from connecting to any of your gateway(s). providing the internal host is available.

 

not sure why PA never gave the option to add 2 or 3 internal hosts for maintenance or similar...

 

Mick.

L3 Networker

Re: Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

@MickBall's suggestion is the best option.  We are doing the same thing with our domain laptops.  This functions fairly well (occasionally a rediscover network is required as users just sleep thier computers between office and home).

 

Brian

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!