Globalprotect client config - force push portal config update?


L3 Networker
We rolled out a VPN solution with “on-demand” login. This has proved successful and we now wish to convert the configuration to be “always on”.

I have changed the portal configuration to “prelogon always on”, but the clients do not pick up this config change unless they manually initiate an “on-demand” connection first. Then the portal config changes get pushed to the client.

What I am looking for is a way to force the client config to update to be always on without the user initiating a manual on demand connection to pull the new config.

How can I achieve this?
5 REPLIES

L6 Presenter

The problem is the client has a set config and given that the current state or previous state was "on-demand" any change you make on the firewall side won't be made to the client until they connect.

The only way to get this update on the clients without them connecting in is to modify the client machine directly:

Here's the high level:

https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/set-up-the...

Here's some more specific config parameters:

https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/set-up-the...

Finally (from the above link) here's the link on how to make the change to the client you want:

https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/set-up-the...

Excellent! I’ll liaise with the team tomorrow and see if we can get this pushed out via gp or something

I used these with my SCCM team and they pushed out the relevant config and it worked great.

Where within the registry would I deploy these keys? For example, if I wanted initial state to be prelogon always on:

connect-method on-demand | pre-logon | user-logon

The path to the registry setting is here.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings

The key value is connect-method

The value data is either on-demand, pre-logon, or user-logon
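
For anyone packaging this for SCCM or Group Policy, here is an added example script (not from any poster in this thread and not Palo Alto's own code) that sets the value described above and reads it back. The registry path, value name and allowed data come from the replies; the string (REG_SZ) type, the parameter name and the exit codes are assumptions of this example.

```powershell
# Added example: set GlobalProtect connect-method in HKLM, idempotently.
# Run elevated (or as SYSTEM from the deployment tool). Supports -WhatIf.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Allowed data as listed in the thread
    [ValidateSet('on-demand', 'pre-logon', 'user-logon')]
    [string]$ConnectMethod = 'pre-logon'
)

$path = 'HKLM:\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings'
$name = 'connect-method'

# A 32-bit host on 64-bit Windows is redirected to WOW6432Node, so the
# write would land in the wrong hive view. Refuse instead of silently
# "succeeding" (deployment agents often launch 32-bit PowerShell).
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    Write-Error 'Run this from 64-bit PowerShell; HKLM\SOFTWARE is redirected for 32-bit processes.'
    exit 3
}

# Only touch machines where the GlobalProtect settings key already exists.
if (-not (Test-Path -LiteralPath $path)) {
    Write-Warning "GlobalProtect settings key not found: $path"
    exit 2
}

$current = (Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue).$name
if ($current -eq $ConnectMethod) {
    Write-Output "$name is already '$ConnectMethod'; nothing to do."
    exit 0
}

if ($PSCmdlet.ShouldProcess("$path\$name", "Set to '$ConnectMethod' (was '$current')")) {
    # Assumption: the value is stored as a string (REG_SZ).
    Set-ItemProperty -LiteralPath $path -Name $name -Value $ConnectMethod -Type String

    # Read back so the deployment tool gets a real success/failure signal.
    $after = (Get-ItemProperty -LiteralPath $path -Name $name).$name
    if ($after -ne $ConnectMethod) {
        Write-Error "Write to $name did not take effect (read back '$after')."
        exit 1
    }
    Write-Output "$name changed from '$current' to '$after'."
}
```

Run it with -WhatIf on a test machine first to see the current value and the change it would make without writing anything.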

 

 

 
