Automatic logon with GlobalProtect when settings are set to "on-demand"


L2 Linker

Some of our users are experiencing automatic logon, even if the GlobalProtect is configured with on-demand. In most cases this is just a minor inconvenience, but one of our portals is configured with two-factor authentication, and when they choose "deny", GP continues to try and connect repeatedly. This is however inconvenient, since their users keep getting locked out.
It would seem that this occurs after hibernation, and that the OS is trying to "resume" the vpn connection as well(?). Although I've noticed this maybe 1 or 2 times in total on a desktop computer that did not come out of hibernation - I had to kill the application because it would not stop.

Has anyone encountered the same issue and/or know of a solution to this?

Thanks!

8 REPLIES 8

L7 Applicator

Hello pred-martin,

Please let me know the GP agent version running in your environment. There are 2 similar discussion threads for your reference:

GlobalProtect

Re: global protect and OTP

Thanks

L7 Applicator

Hello pred-martin,

Ideally we'd expect that if the GP is set for ON Demand and SSO is disabled and that password is not saved, that the GP would not automatically connect when the laptop is awakened from sleep/hibernate. Hence, would it be possible for you to check with a newer version of the agent to compare this behavior?

Thanks

Hello HULK,

We are using the newest 2.1.0. Want me to check with an older version instead?

Probably won't be able to check until next week though.

Hello pred-martin,

It would be great if you can check with another GP version. This is just to cross check this behavior. Did you try with "ON Demand and SSO is disabled and that password is not saved"?

Thanks

Hi,

Sorry for late response. He was going to try to test this yesterday if he had the time, so I will hopefully get back to you on that soon :smileysilly:
But, another question, is there a timeout / retry setting for GlobalProtect anywhere?

Sorry for the inconvenience:

The retry interval increments after each unsuccessful attempt:

  1st interval:  5 seconds
  2nd interval: 10 seconds
  3rd interval: 20 seconds
  4th interval: 30 seconds

Beyond the 4th attempt, the interval remains at 30 seconds until network discovery is successful.

Thanks
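
An added example, not part of the thread and not Palo Alto Networks code: it models the retry schedule quoted in the reply above to estimate how quickly an unattended reconnect loop trips an account lockout, and to separate that loop from other failure patterns in authentication logs. The lockout threshold and window, the `attempt_duration` and `slack` parameters, and the sample timestamps are assumptions constructed for illustration.

```python
from itertools import chain, islice, repeat

RETRY_INTERVALS = (5, 10, 20, 30)  # seconds, as quoted in the thread

def retry_gaps():
    """Wait before each retry: 5, 10, 20, 30, then 30 indefinitely."""
    return chain(RETRY_INTERVALS, repeat(RETRY_INTERVALS[-1]))

def failure_times(n, attempt_duration=0.0):
    """Times (s) at which the first n attempts fail.
    attempt_duration is an assumed time for one attempt to be denied."""
    times, start = [], 0.0
    for gap in islice(retry_gaps(), n):
        times.append(start + attempt_duration)
        start += attempt_duration + gap
    return times

def seconds_to_lockout(threshold, window, attempt_duration=0.0, horizon=500):
    """Time of the failure that completes `threshold` failures inside a
    sliding `window` (assumed lockout policy), or None if never reached."""
    fails = failure_times(horizon, attempt_duration)
    for i in range(threshold - 1, len(fails)):
        if fails[i] - fails[i - threshold + 1] <= window:
            return fails[i]
    return None

def looks_like_retry_loop(timestamps, slack=5.0):
    """True if gaps between consecutive failures follow the schedule,
    each allowed up to `slack` extra seconds for the attempt itself.
    Assumes the log contains the loop's first attempt."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 3:
        return False
    return all(exp <= got <= exp + slack
               for exp, got in zip(retry_gaps(), gaps))

# Constructed sample: failed-authentication timestamps (s) per user.
SAMPLE_FAILURES = {
    "user_a": [100, 106, 117, 139, 170, 201],  # gaps track 5/10/20/30/30
    "user_b": [100, 190, 460, 1200],           # irregular, manual retries
}

def flag_retry_loops(failures_by_user):
    """Users whose failure cadence matches the client retry schedule."""
    return sorted(u for u, ts in failures_by_user.items()
                  if looks_like_retry_loop(ts))

if __name__ == "__main__":
    print(seconds_to_lockout(threshold=5, window=300))
    print(flag_retry_loops(SAMPLE_FAILURES))
```

Once the interval settles at 30 seconds, any policy that counts five failures inside a window shorter than 120 seconds is no longer triggered by the loop; the early, short intervals are what cause the lockouts.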

I see, and this can't be changed anywhere?

So we've now tried an older version (2.0.1), and the same issue exists for this one. Except if we do as you mentioned regarding on-demand, SSO and remember me.
For each test we used on-demand, and SSO disabled, and it kept logging on - until we removed "remember me".
This seems awfully bothersome to make sure it won't logon by itself - turning off 3 "features" to stop it from doing this is not very pleasing :smileysilly:

Thanks.
