Global Protect


Hi all,

I'm trying various options to disable the GlobalProtect client on my MacBook.

The VPN client works fine, but if I select the disable option with ticket, or with pass code, and try to disconnect from the client, it disconnects without a challenge or password request. I've also specified not to display the advanced tab, and I see the option in grey... disabled, but if I click on show panel it's also in advanced mode.

The authentication type is local database, on demand.

16 REPLIES

Palo Alto Networks Guru

GlobalProtect actually tries to cache and re-use credentials provided by the user for portal and the gateway. Meaning, the credentials you entered for the portal would be re-used for the gateway connection. Because you use two different authentication profiles for portal and gateway, the authentication with the cached credentials fails and we prompt you to enter the password again, or in your case the SecurID PIN and Tokencode. This is actually expected behaviour.

Though, unlike other applications, we don't try to authenticate over and over again with those cached credentials, hoping that the authentication server would magically accept those credentials. Instead, we only try once and then prompt the user.

We are working on some improvements on improving the product experience so that you won't see error messages due to a failed first authentication. But for now, this is why you see the behaviour you described.

Functionally, it should work fine though, with the log errors being an annoyance right now.

We have actually the same issue of reusing cached credentials by GP. We have single auth profile for both portal and gateway and are using RSA SecurID. We have noticed that:

a) at least portal caching attempts occur automatically without user's request

b) sometimes credentials are cached and, the worst thing, they are reused, despite entering proper credentials in the popup window (thus multiple auth errors). And we also have password remembering disabled in the GP settings.

That doesn't occur all the time, but when it does, the only way to get out of that reusing old creds loop is to reboot the machine.

We are on GP 1.1.4 btw, and I have case #69378 open.
