as described in the "GlobalProtect 1.1.6: Addressed Issues" (issue point 35361) the unnecessarily reconnection after sleep/hibernate mode should be fixed.
We are using the GlobalProtect Version 1.1.7 . The portal configuration are:"On demand" mode, as authentication "certificate profile" only,single sign-on on, agent user override disabled, disabled rediscover network option, enabled resubmit host information and client upgrade "transparent".
But the client is still trying to reconnect after sleep/hibernate mode...
Any ideas how to fix it?!
Thanks in advance!
Per the release notes:
When GlobalProtect is configured with on-demand mode and the client PC goes into sleep or hibernate mode, when the PC starts back up the GlobalProtect agent was reconnecting to the Portal and performing a configuration update. This should not occur, if on-demand mode is configured, the agent will now disconnect and will not try to rediscover the network after coming out of sleep/hibernate. The user must manually re-connect. If on-demand is not enabled, the client PC will maintain the VPN once it comes out of sleep/hibernate mode.
Can you only have on-demand enabled and turn SSO off and test again?
changed the configuration as you said. Now, after sleep mode following happens:
Firstly, the Agent said "Connected". Traffic was not possible anymore (webbrowsing , VPN policies to the company network etc.). In the logs no activities.
After few seconds the Agent said "Retrying"... (waiting again few seconds)... and then "Not Connected"...
To be sure, i test it again:
restarting laptop. Connected to the VPN and turned sleep mode on and off. After the login the Agent told me: Portal error message "client certificate error". So in the background the agent tried again to reconnect....
Does it make sense? Should it be so? And why i cannot use SSO and on-demand at the same time?
Need urgent a solution...
Just as a note, if you are in real problem you should contact the support address (dont forget to update this thread once resolved) since this is just a community forum (meaning even if one can think that PA people should monitor this and on their own fire up support cases unfortunately one need to manually contact support for real help (or whatever I should call it)).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!