12-24-2013 11:33 AM
Hello. Is it possible to launch a logon script to map drives after connecting with GlobalProtect in on-demand mode? I know we could create a script to launch manually after a connection to map the drives but would like an automated method.
Thanks!
12-24-2013 05:19 PM
Hello ldavie,
Currently we do not have the ability for a GP client to launch script after successful tunnel establishment. However I do a see a feature request (FR ID : 2572) submitted to our development team to be included in our future release.
The feature request will include a logon script to include:
1.) Modifying routes on local client
2.) Letting the host setup mapped drives across the tunnel
3.) Re-executing logons so domain GPOs and other things can be accomplished.
You can request your account's SE to vote for it.
Hope that helps!
Thanks and regards,
Kunal Adak
12-24-2013 05:19 PM
Hello ldavie,
Currently we do not have the ability for a GP client to launch script after successful tunnel establishment. However I do a see a feature request (FR ID : 2572) submitted to our development team to be included in our future release.
The feature request will include a logon script to include:
1.) Modifying routes on local client
2.) Letting the host setup mapped drives across the tunnel
3.) Re-executing logons so domain GPOs and other things can be accomplished.
You can request your account's SE to vote for it.
Hope that helps!
Thanks and regards,
Kunal Adak
12-24-2013 06:16 PM
Hello Idavie,
We are using Global Protect with pre-logon authentication (Using a digital certificate). We allow the pre-logon account to access the file shares and domain controllers. This allows our users to have their drive mappings and keep their AD password synced on the laptop with the domain.
Hope this provides an option that might work for you.
Phil
01-02-2014 03:29 PM
Thanks for your replies, very helpful!
01-02-2014 03:42 PM
Thanks for that idea Phil. I have not tried pre-logon. Just so I understand better you chose pre-logon as the connect method and supplied a cert. Did you create that cert on your own CA against an account in the domain, then import that cert to the firewall and push it out to the clents with AD? I am assuming that with this option the laptops will always be conencted to the VPN when an internet connection is present and they never acurally have to log into it? Does this also happen while they are on the corporate network?
Thanks,
Levin
01-13-2014 10:50 AM
Levin,
We imported a corporate (Active Directory) cert into PaloAlto and issued a cert (with password) to be installed on corporate laptops. We are looking at having a cert pushed out via a GPO. This allows the user to log into the domain directly. Internal Host detection setting will tell the client if they are on the corporate network. You then see a house in front of the globe
as opposed to the shield 
.
Phil
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
