06-11-2024 08:37 AM
Hey everyone, like title suggests I am having trouble with pre-logon automatically logging in. Everything works perfect except this. When you boot up the PC it will never auto connect but if I click connect it will work without issue and never fail. You can then log into the PC and it will move you off the pre-logon gateway over to what I have defined as the user gateway automatically with no issue.
I can complete the entire pre-logon then user logon after logging into machine and reboot from there while I am connected but again same issue; prelogon is always manual.
I have what all the registry settings correct in my eyes:
CBL -> AlwaysShowPortal - yes
CBL -> Portal1 - Portal.fqdn.com
PanSetup -> Portal - Portal.fqdn.com
PanSetup -> Prelogon - 1
PanSetup -> ShowPrelogonButton - 1
I have tried Windows 10 and 11 machines. I have a ticket up with support but have yet to have a good experience where they actually solved something. Just wondering if anyone has seen something similar. I have this all replicated in a lab environment so I am free to do virtually any changes if anyone has ideas!
06-11-2024 05:59 PM
You are trying to use two things that can't coexist. You cannot use Connect Before Logon when pre-logon is enabled; since you're setting both you're likely causing the agent to misbehave. Delete the CBL and this should work without issue.
06-11-2024 05:59 PM
You are trying to use two things that can't coexist. You cannot use Connect Before Logon when pre-logon is enabled; since you're setting both you're likely causing the agent to misbehave. Delete the CBL and this should work without issue.
06-13-2024 06:13 AM
I was about to say that is not true in the slightest since I have 2 other implementations with that setup like that however there is no point in asking a question if you reject the answer.
I removed the registry key for the CBL then restarted multiple times and still had the exact same issue.
I uninstalled and rebooted to in hopes to clear any caching
I did a fresh install of Global Protect and changed all the registry settings and DID NOT add the CBL and rebooted
Thank you very much for the help! @BPry Out of curiosity is that Palo Alto Wisdom that you just know or is there a white paper that outlines this scenario or anything of the sort? Either way I am working now just curious, wondering how my other 2 implementations are working but it sounds like they are working by a fluke.
06-13-2024 06:50 AM
It's brought up in the deployment documentation, but it's easy to miss if you haven't actually read the entire document and jumped down to the enablement steps or just copied the configuration from one environment to the next.There's a few posts about CBL on the forums that mention this limitation where people run into odd issues with both enabled.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
