- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-14-2018 01:04 PM
Why is it necessary to enter "generate cookie for authentication override and accept cookie for the authentication override on both the portal and gateway? I would think it would make more sense to select generate cookie for authentication override on the portal and accept cookie for the authentication override on the gateway.
I am also not sure what you have to put authentication method on both the portal and the gateway.
09-14-2018 04:04 PM
Hi @jdprovine
If you only need the cookie for a better user experience during one login, then it is enough if you only generate the cookie ond the portal and accept it on the gateway.
If you have for example the requirement that a login should be valid for 7 days so that the user only has to log in again if he did not connect for 7 days, then I would also generate the cookies on the gateway. This way the cookie will also be renewed in case the portal is not available. Also because of that reason (portal not available) I would configure portal and gateway with the same authentication - to keep the authentication as you need it also in cases where a client (for whatever reason) skips the portal and connects to the gateway directly.
Hope this makes sense.
09-14-2018 04:04 PM
Hi @jdprovine
If you only need the cookie for a better user experience during one login, then it is enough if you only generate the cookie ond the portal and accept it on the gateway.
If you have for example the requirement that a login should be valid for 7 days so that the user only has to log in again if he did not connect for 7 days, then I would also generate the cookies on the gateway. This way the cookie will also be renewed in case the portal is not available. Also because of that reason (portal not available) I would configure portal and gateway with the same authentication - to keep the authentication as you need it also in cases where a client (for whatever reason) skips the portal and connects to the gateway directly.
Hope this makes sense.
09-15-2018 10:16 AM
Yes as per mr remo....
generate on portal and accept on gateway.
whatever auth you have on the portal, set same on the gateway.
cookie overide will prevent user having to authenticate again on gateway but needs to be there if portal is ever unavailablle
because client will use cached portal info and connect directly to the gateway(s) without a cookie.
pretty much repeated what @Remo already stated but im gonna post anyhows...
09-24-2018 06:20 AM
Yes just to make a better user experience so they don't have to log in twice and no I they would not be logged in for 7 days
So it looks like generate cookie on the portal and accept onthe gateway is the best way to go for me. I have both radius and OTP set on both the portal and the gateway. I have both native clients and globalprotect clients using the VPN.
09-25-2018 08:14 AM
I configured this and it worked just the way I wanted wooohooo
generate on portal and accept on gateway.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!