Global Protect client can't be disabled

cancel
Showing results for 
Search instead for 
Did you mean: 

Global Protect client can't be disabled

L1 Bithead

Hi

I've just rolled out the Global Protect client (version 1.1.6) to some contractors that need remote access to our network. I've got it setup as follows:

Portal config - Client Configuration

Options:- On Demand

Agent:     Enable advanced view - true

               User can save password - true

               Passcode - blank

               Confirm - blank

               Agent User Override - with comment

               Agent User Override Timeout - 0

               Max Agent User Overrides - 0

               Display welcome page - false

               Welcome Page - none

Agent Conf: Allow user to manually rediscover network location - true

                    Allow user to manually resubmit host information - true

I'm not doing any HIPs stuff.

What I need to happen is that the consultant launchs the agent when they need to connect and then shutdown the agent when they have finished using it. At the moment the agent runs everytime the PC starts and you can't close it once its running (the disable option is greyed out). I thought that enabling the Agent User Override option to "with comment" that they'd be able to shut the agent down.

Is it possible to stop the agent from running all the time and what could I have done wrong that means the agent can't be shutdown once its running?

Any help would be appreciated.

Cheers

Alan

The actual VPN connection is working great and everything seems to be working except this one last little issue.

Anyone got any thoughts?

Cheers

Alan

5 REPLIES 5

L6 Presenter

Did you restart the gp service on the client after making the changes to option "agent user override" on the firewall. For the changes to take effect we need to reconnect to portal and download the new settings on to the client.

Hi thanks for the reply

I've restarted the laptop several times and I've created a test client config to try and resolve my issues with so I don't effect current users. I've confirmed in the logs that I'm getting the new policy. Still not able to disable the client.

I've just  made a change to the policy by setting the "Display welcome page" to factory default (previously it wasn't set) and restarting my test laptop. Now connecting the client I get the welcome page pop up so I know its got the right config. Still no disable option.

Weird. Any other thoughts.

Cheers

Alan

Hi

I've just noticed something else. In the Client Config I've got set "allow user to manually rediscover network location" and the option is greyed out in the client as well.

I've also set the Agent User Override to "with-passcode" and entered a passcode but thats made no difference either.

Cheers

Alan

Hi, I have tried this in my lab. Where I have the "agent override option" disabled and then I have later enabled this and restarted the gp client service but the client did not take the change and never gave the option to disable the client. This behavior is not expected can you please open a ticket with support.

'

Hi sdurga

Many thanks for taking the time to test this out. I'm contacting our Premium Support partner now.

Cheers

Alan

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!