GlobalProtect Always On Issue

Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect Always On Issue

L1 Bithead

I am currently testing GlobalProtect Always on, I have configured to operate at user logon. The issue I am having is that on start-up of my laptop, on my corporate network I am prevented from any network access. If I connect to my public WIFI and connect GlobalProtect and can access my network ok. Reverting back to my corporate network and it then detects I am on my internal network and allows access to the network ok.

If I restart my laptop I faced with the same problem. If the laptop starts on the corporate network GlobalProtect fails to detect its on internal network.

I have configured Internal Host Detection (which is working if GP has connected previously.

It's not usable in this form, am I missing something?


L5 Sessionator



You are required to use an authentication profile on the Portal (user and/or cert). There are a couple was to fudge no authentication after an initial connection (using saved creds/cookies/etc.), but it is a bad idea for obvious reasons. So I haven't put much work into it.


Ideally you want to use a machine or user certificate for the Portal login. That will allow your clients to be transparent in the connecting to the Portal, while protecting you from unauthorized clients download the GP client and/or config off the Portal.


So I have got myself a little confused with the whole setup.

Originally I had an external portal and gateway. When a user is at home they launch the GP app and are prompted for a username and password to connect - All great.

I have now configured a new Internal Portal and have set the authentication to user name or certificate, but when connecting my laptop to my internal network I get prompted for a username and password. 

So what I am ultimately looking to achieve is. Always on VPN for when the user is offsite outside our network. But when they are back on our network Internal Host Detection kicks without interaction from the user.


I am close to achieving this but I am still required to login even when connected to the internal network - Once logged in it detects the internal network.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!