"Advanced View" in GlobalProtect Client won't be locked after version 1.1.6

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

"Advanced View" in GlobalProtect Client won't be locked after version 1.1.6

L4 Transporter

Hi, all,

In normal, "Advanced View" in GlobalProtect client will be locked if I configure to cancel "Enable advanced view" option in GlobalProtect Portal, and it will check the GlobalProtect portal information automatically after rebooting, so that client user cannot modify the settings easly.

But after GlobalProtect version 1.1.6, I found it won't be checked automatically after rebooting and client user can modify the settings, it must connect to GlobalPortect gateway one time then "Advanced View" will be locked. The situation is also found in version 1.2.x ( e.g. version 1.2.2 ), it's a issue of security control for my customer.

Is it normal ? or a bug ?

How to fix it ? or I need to open a case to report it ?

Thanks,

Sample Wu

1 accepted solution

Accepted Solutions

I think it is working as expected now.  With On-demand GlobalProtect agent will not automatically connect to the gateway. Instead the user will have to manually connect to the gateway by clicking to connect on the agent icon.

So in your case after a reboot the client won't connect to pull up the config instead the user has to initiate a connection, after which we will pull up the latest config.

View solution in original post

5 REPLIES 5

L5 Sessionator

Are you using on-demand or SSO?

Hi, sraghunandan,

I used "On Demand" mode,

Thanks,

Sample Wu

I think it is working as expected now.  With On-demand GlobalProtect agent will not automatically connect to the gateway. Instead the user will have to manually connect to the gateway by clicking to connect on the agent icon.

So in your case after a reboot the client won't connect to pull up the config instead the user has to initiate a connection, after which we will pull up the latest config.

Hi, sraghunandan,

I got it, so, the behavior between 1.1.5 and 1.1.6 are changed to will not initiate connection with gateway automatically, right ? If yes, I think it's working as expected as you said.

For the workaround, could I enable both of "On Demand" mode and "SSO" mode to make it a behavior that be initiated with gateway after a reboot every time ?

Thanks,

Sample Wu

sraghunandan,

I really, really dislike this "feature"... I expressed this in a case I had open as well because I originally thought it was a bug(Case #00107848 - "GlobalProtect advanced mode is enabled after a reboot, even though it is disabled in the portal settings").

I realize it's "by design," but in my humble opinion 'Advanced mode' should default to disabled until the next successful port auth/VPN auth. After the auth, if 'Advanced mode' is enabled when the client refreshes its config from the server, only then should advanced mode come back on.

I can already forsee that rebooting and then having access to advanced mode would play havoc with a deployment of GlobalProtect for us, as we're forced to use "OnDemand mode" because we have two-factor authentication requirements that we have to enforce.

This issue and other issues we've had are collectively show-stoppers for us implementing GlobalProtect, to the point where my boss has us looking at ASAs in order to move to Cisco's AnyConnect.

  • 1 accepted solution
  • 3737 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!