GlobalProtect Pre-Logon setup uses multiple IP addresses

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GlobalProtect Pre-Logon setup uses multiple IP addresses

L2 Linker

I have setup GlobalProtect with Pre-Logon configuration, but between the "pre-logon" status and "post-logon" status of the same computer I am getting 2 different IP addresses.  For example, during pre-logon I get 172.16.4.201, but as soon as a user logs into Windows I get 172.16.4.200. 

 

Is there any way to keep the IP address the same between the different authentication stages? 

 

The main reason this would be beneficial, is for instances when the IT dept is remoted (VNC) into the user's computer before they login to Windows, then so the remote VNC session does not get dropped when the IP address changes after Windows login.

 

Is this possible?

6 REPLIES 6

L2 Linker

Ideas anyone?  Or, am I completely missing something?

L7 Applicator

Hi @Curt_Wilson

 

What do you have configured in the portal config - app tab and then at the tunnel rename setting?

If you have "-1" there, the pre-logon tunnel should be reassigned to the user without opening a new one.

Looks like "pre-logon tunnel rename timeout" is already set to the default of -1.

Hi, Is there any update to this post? In our case the clients also receive two ip addresses (for pre-logon and the follwing normal user logon), we would also like to use an ip for both. Regards Marco

Sorry, but I do not have a resolution for this.  We opted to configure GlobalProtect as only "user-login (always on)"

@Curt_Wilson 

 

I am using the GP pre logon on PAN OS 8.1.15 with GP Agent 5.0.10

I only see 1 IP address for pre logon user and actual user logon.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.
  • 5142 Views
  • 6 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!