Question about Global protect Pre-Logon Issue

Reply
Highlighted
L3 Networker

Question about Global protect Pre-Logon Issue

Hi,

 

I configured GP pre-logon method, But it’s only working in administrator mode even though the user is part of administrator group, it’ not working for normal users.

 

I followed below KB article,

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEYCA0

 

In global protect client installed laptops, we are able to connect global protect,  add the machine to domain and user to local admin group remotely in the administrator mode. That means Global Protect is working fine. Post basic GP Pre-logon configuration, when we select switch user or reboot laptop and try to login with a normal user, it’s showing the error “Global Protect Disconnected”(Wi-Fi is connected ) because of this we are unable to use Global Protect client in the remote laptops(The system which are not in office).

 

Can anyone provide your suggestion, why the global protect client is not working (means pre-logon connectivity is not happening) in the laptops when we switch user or log-in as a admin privileged user.

PFA for the error.

 

GlobalProtect.jpeg

Please help us here to fix an issue.

 

Regards,

Sethupathi M

Highlighted
L0 Member

Re: Question about Global protect Pre-Logon Issue

How did you get your pre-logon status to show up on the Windows 10 login screen ?  I cannot get it to work on Windows 10 or 7.  The Pre-Logon process works, but we do not see the status of the connection.  GP Support has not been very helpful.

L0 Member

Re: Question about Global protect Pre-Logon Issue

Any answer on your question Rdevita?

 

Highlighted
L0 Member

Re: Question about Global protect Pre-Logon Issue

Pretty sure this is directly tied to the bottom GP-Portal-Agent-Agent config.

My readings state you should have 2 different Configs - one for pre-logon and one for user logon.

Conflicting whether the second should be set to prelogon - always on or user-logon (always-on).

If you set this one to prelogon -always on it should (in my testing) get this to show up on the windows logon (GINA) screen.

 

Now if i could just get prelogon to connect.... Had it working once. Hope that helps you guys.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!