Global Protect - Long Windows login time

Announcements
Attention: The LIVEcommunity is experiencing an interruption with videos in some areas. We apologize for any inconvenience this may cause. Thank you for your patience as we work towards a solution to restore videos.
Reply
Highlighted
Not applicable

Global Protect - Long Windows login time

I am having users complain that after installing Global Protect, their machine is taking a lot logger to login. We have Global Protect set up as an "always on" solution. So if your machine has access to the internet it will automatically connect. We are using certificate authentication at the machine and the user level. When a user's is not logged in, they press CTRL + ALT + DEL , enter in username and password and then wait for a long time for Windows to load their session. If they turn wireless off and Global Protect can't connect, login time is a lot faster.

Highlighted
L2 Linker

Re: Global Protect - Long Windows login time

Can you provide details about what your PAN-OS version and GP versions are? Also make sure that the gateways configured are specified by IP address. Could you also let me know what is the configured Cutoff time on the Gateways configuration (Network > GlobalProtect > Portals > Client Configuration > Gateways)? I suggest you leave the default (5).

Highlighted
Not applicable

Re: Global Protect - Long Windows login time

Software Version6.0.3
GlobalProtect Agent2.1.1

I do not see the Cut off time Is it call something different in my version?

Thanks

Highlighted
L6 Presenter

Re: Global Protect - Long Windows login time

You can try to speed up the GlobalProtect connection using auth cookies on PAN-OS 6.x.

To enable this, go to Network > Portal > edit your portal > Client Confguration > edit your client config. Set Authentication Modifier to "cookie authentication for config refresh". Set the Cookie Lifetime as desired (0, the default, means the cookie does not expire. If you prefer the cookie to expire, I suggest adjusting the setting to about a week's time).

Highlighted
Not applicable

Re: Global Protect - Long Windows login time

The Authentication Modiefer is already set to "cookie authentication for config refresh"

And Cookie lifetime is set to one day.

Highlighted
Not applicable

Re: Global Protect - Long Windows login time

Can you explain to me please, what the purpose of this cookie is and what the pros and cons are of having it 7 days vs 1 day?

Thanks!

Highlighted
L2 Linker

Re: Global Protect - Long Windows login time

cutoff.JPG

Highlighted
Not applicable

Re: Global Protect - Long Windows login time

Our cutoff time is set to 0. Can you explain what the cutoff time is?

Highlighted
L2 Linker

Re: Global Protect - Long Windows login time

The cookie is used to provide cookie-based agent authentication. The value is used to specify the number of days that the agent can use the cookie to authenticate to the portal for a configuration refresh; a value of 0 (the default) indicates that the cookie never expires. This document shows an example and and explains more about this feature: GlobalProtect Prelogon Using Cookie Based Authentication

Highlighted
L2 Linker

Re: Global Protect - Long Windows login time

"Cutoff time" specifies the amount of time (in seconds) the agent will wait for gateways to respond before determining the best gateway to connect to. The agent will then attempt to connect to only those gateways that responded within the specified Cutoff Time. The default value is 5. A value of 0 indicates that there is no cutoff time; the agent will wait until the TCP timeout

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!