On-demand GlobalProtect and Mapped drives
cancel
Showing results for 
Search instead for 
Did you mean: 

On-demand GlobalProtect and Mapped drives

L3 Networker

Hello all ,

 

Having issues with some users where they have mapped drives but after they connect to global protect they don't work.

 

If they unmap and they map again it works .

When doesn't work after connecting to globalprotect if they ping the IP of the server that they have the mapped drive it works but SMB it doesn't .

 

 

We have on-demand globalprotect, SSO disabled of course and we allow netbios, SMB and I don't see any blocked traffic.

I have tried to search that and I don't want to say to the customer to fix that with scripts net use because all users are using their own shared folders.

 

 

12 REPLIES 12

Cyber Elite
Cyber Elite

@GeorgiosFakis,

What version of Windows are they using? Does the drive show as disconnected and simply won't connect, or does it simply hang when they try to access the drive? If the user restarts explorer.exe after they connect to GlobalProtect can they access the drive? 

 

I'd also ensure that the group policy you are using to map these drives is set to Update instead of Replace. There was an instance a while back where the Group Policy updating in the background with a Replace action would cause the drive mapping to be lost like you are describing here. 

Hi ,

 

Users most of them have Windows 10 and they show disconnected .We have not tried to restart this service but what we have tried to access through run command \\shareX\ .

 

We don't have standard mapped drives, each user adds their own for their work.

@GeorgiosFakis,

When someone runs into this again, try restarting explorer.exe and see if you are able to access the mapped drive again. 

Hi,

 

We tried with one user and didn't work but you know what they say? Pulse Secure was not causing that issues .

 

I have isolated the issue to specific shared folders. All common shared folders they are connected after user connect to global protect.I have asked the server team to check as well these specific shared folders and from what it seems is the sync between host and AD.

I am having the exact same issue but mine is "well Sonic Firewall works". Makes it hard to sell a new VPN solution to management when things like this don't work.
“You never fail until you stop trying.”
― Albert Einstein

So I want to share that I believe we have found the solution for mapping our personal drives without having to have the pre-logon. I had one of my admins create a .vbs file that will pull the home drive mapping info from AD. then we added a registry key into the install package to point to the .vbs file to execute this post-vpn-connect. https://docs.paloaltonetworks.com/globalprotect/7-1/globalprotect-admin/set-up-the-globalprotect-inf...
“You never fail until you stop trying.”
― Albert Einstein

L0 Member

Hi George - did you ever resolve this? Same problem over here. 

 

Hi ,

 

We found around 100 users having this issue where mapped drives had their COMPUTER name like alias and linked to one of the servers for personal host space . Basically , helpdesk instructed them how to change that so the mapped drive have a normal path .

 

I don't know how it was working before with Juniper Pulse but with GP we had issues. All the other mapped drives that was from the AD policy were ok after connecting to GP .

L0 Member

Having the same issue here with PanOS 9.1.5 and GP 5.2.2.

 

We are replacing a Sophos firewall and this just worked before it's hard to sell a PAN solution with this kind of issues.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!