GlobalProtect Pre-Logon setup uses multiple IP addresses

Reply
Highlighted
L2 Linker

GlobalProtect Pre-Logon setup uses multiple IP addresses

I have setup GlobalProtect with Pre-Logon configuration, but between the "pre-logon" status and "post-logon" status of the same computer I am getting 2 different IP addresses.  For example, during pre-logon I get 172.16.4.201, but as soon as a user logs into Windows I get 172.16.4.200. 

 

Is there any way to keep the IP address the same between the different authentication stages? 

 

The main reason this would be beneficial, is for instances when the IT dept is remoted (VNC) into the user's computer before they login to Windows, then so the remote VNC session does not get dropped when the IP address changes after Windows login.

 

Is this possible?

Highlighted
L2 Linker

Ideas anyone?  Or, am I completely missing something?

Highlighted
Cyber Elite

Hi @Curt_Wilson

 

What do you have configured in the portal config - app tab and then at the tunnel rename setting?

If you have "-1" there, the pre-logon tunnel should be reassigned to the user without opening a new one.

Highlighted
L2 Linker

Looks like "pre-logon tunnel rename timeout" is already set to the default of -1.

Highlighted
L2 Linker

Hi, Is there any update to this post? In our case the clients also receive two ip addresses (for pre-logon and the follwing normal user logon), we would also like to use an ip for both. Regards Marco
L2 Linker

Sorry, but I do not have a resolution for this.  We opted to configure GlobalProtect as only "user-login (always on)"

Highlighted
Cyber Elite

@Curt_Wilson 

 

I am using the GP pre logon on PAN OS 8.1.15 with GP Agent 5.0.10

I only see 1 IP address for pre logon user and actual user logon.

 

Regards

MP
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!