I have prelogon setup for globalprotect using machine certificates, so that when a laptop boots up with internet is automatically connects to globalprotect. This works perfectly fine, except for when a laptop does not have internet access. If a laptop does not have internet access, then globalprotect just errors out and does not try to reconnect once internet is restored. The error message that I get is "Invalid Portal". I do have the option setup for Portal Connection Timeout to be 600 seconds and still errors out. The icon in the taskbar showing the 3 dots moving across the globe, but when I click on the icon it just says invalid portal with the connect button. I looked at the logs and see the captiveportect drectionthread is still running but when I restore internet, globalprotect is not connecting unlesss I manually connect
Any ideas as to what I should do?
This is a somewhat common issue that I've run into with my users and really haven't gained much traction with actually getting a fix for. You might want to open a support ticket with TAC just so they have additional logs to look at to hopefully come up with a fix in a later release.
You can set the Captive Portal Exception Timeout (I generally use 300 seconds / 5min) to allow a user a "grace period" to login to a captive portal before GP blocks access.
Setting is in Network > GlobalProtect > Portals > Agent > [Agent] > App > Captive Portal Exception Timeout
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!