This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Globalprotect client config - force push portal config update?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Globalprotect client config - force push portal config update?

welly_59
L3 Networker

‎10-04-2018 10:08 AM

We rolled out a vpn solution with “on-demand” login. This has proved successful and we now wish to convert the configuration to be “always on”

I have changed the portal configuration to “prelogon always on”, but the clients do not pick up this config change unless they manually initiate an “on-demand” connection first. Then the portal config changes get pushed to the client.

What I am looking for is a way to force the client config to update to be always on without the user initiating a manual on demand connection to pull the new config.

How can I achieve this?
1 person had this problem.
0 Likes Likes
5 REPLIES 5

Brandon_Wertz
L6 Presenter

‎10-04-2018 10:24 AM - edited ‎10-04-2018 10:25 AM

The problem is the client has a set config and given that the current state or previous state was "on-demand" any change you make on the firewall side won't be made to the client until they connect.

 

The only way to get this update on the clients without them connecting in is to modify the client machine directly:

 

 

Here's the high level:

 

https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/set-up-the...

 

 

Here's some more specific config parameters:

 

https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/set-up-the...

 

Finally (from the above link) here's the link on how to make the change to the client you want:

 

https://www.paloaltonetworks.com/documentation/71/globalprotect/globalprotect-admin-guide/set-up-the...

0 Likes Likes

welly_59
L3 Networker
In response to Brandon_Wertz

‎10-04-2018 10:54 AM

Excellent! I’ll liaise with the team tomorrow and see if we can get this pushed out via gp or something
0 Likes Likes

Brandon_Wertz
L6 Presenter
In response to welly_59

‎10-04-2018 11:23 AM

I used these with my SCCM team and they pushed out the relevant config and it worked great.

0 Likes Likes

welly_59
L3 Networker
In response to Brandon_Wertz

‎10-05-2018 01:29 AM

where within the registry would i deploy these keys? for example if i wanted initial state to be prelogon always on:

 

connect-method on-demand | pre-logon | user-logon

0 Likes Likes

dpeterson4
L2 Linker
In response to welly_59

‎05-30-2019 08:15 AM

The path to the registry setting is here.

 

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings

 

The key value is connect-method

The value data is either on-demand, pre-logon, or user-logon

 

 

 

0 Likes Likes
  • 8154 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks