Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Always on/Pre-Logon GP and Windows logon time

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Always on/Pre-Logon GP and Windows logon time

L4 Transporter

Does anyone have any tweaks or suggestions that might improve the windows logon time when GP is configured as pre-logon always on? Our users have gotten used to waiting sometimes up to 5 minutes after logging in before they see their windows desktop. The only way we have found to alleviate that is to set GP to on-demand (not an option) or uninstall it completely (also not an option) 

 

Any tips or tricks? Or is this just "how it is" in this config?

 

TIA

6 REPLIES 6

L7 Applicator

Do you have the same issue if you remove pre logon. This also may not be an option but may help in finding out if its the combination thats causing the issue...

 

L7 Applicator

Also... is this for internal or external gateways, as in lan or wifi.....

if wifi then you could have an issue where the wifi will not connect until the user has actually logged in....

 

GP may be trying and failing prior to user logon.

 

i did have a play with this a while ago but gave up as the only reason we would use it would be to diagnose why GP was not connecting, but of course if this was the case then pre logon was pointless.

 

it is possible to get wifi to connect before user logon by modifying/adding a key in reg HKLM.

 

Search on interweb for “%comspec% /c netsh wlan connect name="<profile name>"” if you need to persue this further.

 

 

@Mick_Ball

 

This will happen on wired devices as well (Like the one I am using today) we only use external gatways so I cannot speak to any internal ones. I will do some digging on possible registry settings, I know we did use a few from an official PA dovcument related to GP regesry keys but so far this login delay time is the only thing we hvae not been able to alleviate. I have also heard from others at Ignite they have the same issue and they just accept it is normal for a pre-logon type of config. Interesting to note is that 1 out of every 50 or so logins does not have the delay and you get logged right in. 

 

Just adding more details:

This happens with our win10, win7 devices, laptops, surface books, and HP thin client boxes. I have tested with a mac and I do not see the issue. When used in on demand mode without pre-logon I do not see the issue. 

 

At this point it would be nice to know this is not "normal" and there is a way to speed up the login process with this type of GP setup *but* its been about a year since we migrated from pulse to GP and the users have settled and some have expressed how much they love it being already connected etc

 

wow, still happens on wired... strange.

I can't really advise any further, somebody else will jump in if they see something obvious here...

 

can I assume you have examined the GP client logs. they do contain a lot of info, but of course, not why that info has appeared in the first place but i find the timings of events quite helpful.

 

it may be that within your 5 min delay, only the last 30 seconds are in use by GP.

 

I would ask if you really need pre logon... our GP connects within seconds of desktop availability... (well most of the time)

 

please update if any progress....

 

 

Hi @hshawn

 

What security policies do you have enabled for the pre logon user? Are all devices with this problem domain joined? Do you have the option "Require Global Protect for Network Access" enabled? Does it happen in the internal and external network? When this issue happend on a connected client from external, do you have dropped traffic in your logs?

 

@hshawn,

This doesn't really help you at all but I know a few Palo Alto employees that complain about the amount of time it takes there MacBook to login for the exact same issue. Sadly that doesn't really help things at all. 

 

I've only ever actually deployed this on two other installations and both were sub 1-2 minute login times which were deemed acceptable so I never really had to troubleshoot it too much. I've never really seen 5 minutes though. 

  • 3790 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!