GlobalProtect and logon scripts


L2 Linker

Hello. Is it possible to launch a logon script to map drives after connecting with GlobalProtect in on-demand mode? I know we could create a script to launch manually after a connection to map the drives but would like an automated method.

Thanks!

L5 Sessionator

Hello ldavie,

Currently we do not have the ability for a GP client to launch a script after successful tunnel establishment. However, I do see a feature request (FR ID: 2572) submitted to our development team to be included in our future release.

The feature request will include a logon script to include:

1.) Modifying routes on local client

2.) Letting the host setup mapped drives across the tunnel

3.) Re-executing logons so domain GPOs and other things can be accomplished.

You can request your account's SE to vote for it.

Hope that helps!

Thanks and regards,

Kunal Adak

L4 Transporter

Hello Idavie,

We are using Global Protect with pre-logon authentication (using a digital certificate). We allow the pre-logon account to access the file shares and domain controllers. This allows our users to have their drive mappings and keep their AD password synced on the laptop with the domain.


Hope this provides an option that might work for you.

Phil

L2 Linker

Thanks for your replies, very helpful!

Thanks for that idea, Phil. I have not tried pre-logon. Just so I understand better, you chose pre-logon as the connect method and supplied a cert. Did you create that cert on your own CA against an account in the domain, then import that cert to the firewall and push it out to the clients with AD? I am assuming that with this option the laptops will always be connected to the VPN when an internet connection is present and they never actually have to log into it? Does this also happen while they are on the corporate network?

Thanks,

Levin

Levin,

We imported a corporate (Active Directory) cert into PaloAlto and issued a cert (with password) to be installed on corporate laptops. We are looking at having a cert pushed out via a GPO. This allows the user to log into the domain directly. The Internal Host Detection setting will tell the client if they are on the corporate network. You then see a house in front of the globe as opposed to the shield.

Phil
