Global Protect

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect

Not applicable

Hi all,

im tryng various option to disable the global protect client on my macbook.

The vpn client works fine, but if i select the disable option with ticket, or with pass code, and try to disconnect from the client it's disconnect without challange or request password. I've also specified to doesn't display the advenced tab and i see the option in grey... disabled, but if i click on show pannel it's also in advanced mode.

The authentication type is local database, on demand.

16 REPLIES 16

Palo Alto Networks Guru

GlobalProtect actually tries to cache and re-use credentials provided by the user for portal and the gateway. Meaning, the credentials you entered for the portal would be re-used for the gateway connection. Because you use two different authentication profiles for portal and gateway, the authentication with the cached credentials fails and we prompt you to enter the password again, or in your case the SecurID PIN and Tokencode. This is actually expected behaviour.

Though, unlike other applications we don't try to authenticate over and over again with those cached credentials, hoping that the authentication server would magically accept those credentials. Instead, we only try once and the prompt the user.

We are working on some improvements on improving the product experience so that you won't see an error messages due to a failed first authentication. But for now, this is why you see the behaviour you described.

Functionally, it should work fine though, with the log errors being an annoyance right now.

We have actually the same issue of reusing cached credentials by GP. We have single auth profile for both portal and gateway and are using RSA SecurID. We have noticed that:

a) at least portal caching attempts occur automatically without user's request

b) sometimes credentials are cached and the worst thing, they are reused, despite entering proper credentials in the popu window (thus multiple auth errors). And we also have password remembering disabled in the GP settings.

That doesn't occur all the time, but when it does, the only way to get out of that reusing old creds loop is to reboot the machine.

We are on GP 1.1.4 btw and I have the case open #69378

  • 11294 Views
  • 16 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!