our GP environment has PA device in cluster running both portal and gateway,
users authenticate to the portal using OTP and GW is also configured for OTP
we can see that users are authenticating and using GP well but when they put the computer into sleep/shutdown and go to other place then GP wont ask them for password again but will try to authenticate the GP with a Cached OTP
causing users to be locked.
does anyone have idea why is it?
You didn't tell us GP version, but from GlobalProtect-1.2.10-RN.pdf you can read:
Addressed Issues 1.2.10
The following issue has been addressed in this release:
• 60763—After coming out of hibernation, a GlobalProtect client was able to connect without being prompted to authenticate. This occurred even though the user had been unable to save authentication credentials and the option to Allow user to save password was cleared in the GlobalProtect portal configuration (Network > GlobalProtect Portals > Client Configuration). This issue has been resolved so that when the Allow user to save password option is cleared in a GlobalProtect portal configuration, the user is always prompted to enter credentials to authenticate.
Please upgrade to 1.2.10 and try
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!