01-14-2015 01:48 PM
I am having users complain that after installing Global Protect, their machine is taking a lot logger to login. We have Global Protect set up as an "always on" solution. So if your machine has access to the internet it will automatically connect. We are using certificate authentication at the machine and the user level. When a user's is not logged in, they press CTRL + ALT + DEL , enter in username and password and then wait for a long time for Windows to load their session. If they turn wireless off and Global Protect can't connect, login time is a lot faster.
01-14-2015 05:13 PM
Can you provide details about what your PAN-OS version and GP versions are? Also make sure that the gateways configured are specified by IP address. Could you also let me know what is the configured Cutoff time on the Gateways configuration (Network > GlobalProtect > Portals > Client Configuration > Gateways)? I suggest you leave the default (5).
01-15-2015 01:35 PM
| Software Version | 6.0.3 |
| GlobalProtect Agent | 2.1.1 |
I do not see the Cut off time Is it call something different in my version?
Thanks
01-15-2015 01:54 PM
You can try to speed up the GlobalProtect connection using auth cookies on PAN-OS 6.x.
To enable this, go to Network > Portal > edit your portal > Client Confguration > edit your client config. Set Authentication Modifier to "cookie authentication for config refresh". Set the Cookie Lifetime as desired (0, the default, means the cookie does not expire. If you prefer the cookie to expire, I suggest adjusting the setting to about a week's time).
01-15-2015 02:01 PM
The Authentication Modiefer is already set to "cookie authentication for config refresh"
And Cookie lifetime is set to one day.
01-15-2015 02:12 PM
Can you explain to me please, what the purpose of this cookie is and what the pros and cons are of having it 7 days vs 1 day?
Thanks!
01-15-2015 02:47 PM
Our cutoff time is set to 0. Can you explain what the cutoff time is?
01-15-2015 02:52 PM
The cookie is used to provide cookie-based agent authentication. The value is used to specify the number of days that the agent can use the cookie to authenticate to the portal for a configuration refresh; a value of 0 (the default) indicates that the cookie never expires. This document shows an example and and explains more about this feature: GlobalProtect Prelogon Using Cookie Based Authentication
01-15-2015 02:56 PM
"Cutoff time" specifies the amount of time (in seconds) the agent will wait for gateways to respond before determining the best gateway to connect to. The agent will then attempt to connect to only those gateways that responded within the specified Cutoff Time. The default value is 5. A value of 0 indicates that there is no cutoff time; the agent will wait until the TCP timeout
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
