Global Protect - Long Windows login time

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Global Protect - Long Windows login time

Not applicable

I am having users complain that after installing Global Protect, their machine is taking a lot logger to login. We have Global Protect set up as an "always on" solution. So if your machine has access to the internet it will automatically connect. We are using certificate authentication at the machine and the user level. When a user's is not logged in, they press CTRL + ALT + DEL , enter in username and password and then wait for a long time for Windows to load their session. If they turn wireless off and Global Protect can't connect, login time is a lot faster.

9 REPLIES 9

L2 Linker

Can you provide details about what your PAN-OS version and GP versions are? Also make sure that the gateways configured are specified by IP address. Could you also let me know what is the configured Cutoff time on the Gateways configuration (Network > GlobalProtect > Portals > Client Configuration > Gateways)? I suggest you leave the default (5).

Software Version6.0.3
GlobalProtect Agent2.1.1

I do not see the Cut off time Is it call something different in my version?

Thanks

L7 Applicator

You can try to speed up the GlobalProtect connection using auth cookies on PAN-OS 6.x.

To enable this, go to Network > Portal > edit your portal > Client Confguration > edit your client config. Set Authentication Modifier to "cookie authentication for config refresh". Set the Cookie Lifetime as desired (0, the default, means the cookie does not expire. If you prefer the cookie to expire, I suggest adjusting the setting to about a week's time).

The Authentication Modiefer is already set to "cookie authentication for config refresh"

And Cookie lifetime is set to one day.

Can you explain to me please, what the purpose of this cookie is and what the pros and cons are of having it 7 days vs 1 day?

Thanks!

L2 Linker

cutoff.JPG

Our cutoff time is set to 0. Can you explain what the cutoff time is?

The cookie is used to provide cookie-based agent authentication. The value is used to specify the number of days that the agent can use the cookie to authenticate to the portal for a configuration refresh; a value of 0 (the default) indicates that the cookie never expires. This document shows an example and and explains more about this feature: GlobalProtect Prelogon Using Cookie Based Authentication

"Cutoff time" specifies the amount of time (in seconds) the agent will wait for gateways to respond before determining the best gateway to connect to. The agent will then attempt to connect to only those gateways that responded within the specified Cutoff Time. The default value is 5. A value of 0 indicates that there is no cutoff time; the agent will wait until the TCP timeout

  • 6129 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!