Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

Showing results for 
Search instead for 
Did you mean: 

Will an On-Demand configuration keep GlobalProtect from notifying me that it did not connect?

L1 Bithead

I've deployed GlobalProtect 4.0.3-31 to my lab machines.  When I log in, I get notifications that GlobalProtect is connecting, and then that it is not connected.  I'm not panicked because my portal is not available from my internal network.  Will switching to an On-Demand configuration make these notifications go away?


L4 Transporter


On demand will keep the GP client from logging in automatically, the user will have to open up the client and choose to logon and get connected

L7 Applicator

@jdprovine has answered your question, but can i ask, why have you installed GP to lab devices if not needed.


just curious....



Excuse the brevity of my previous post.

had to pop out..

i was going to suggest internal host detection for globalprotect but as in a lab enviroment this may not be possible.


That's the behavior I want, but will it eliminate the icon in the system tray reporting an error (not connected)?  My users will go bonkers if they see that.

It's not that the lab machines don't need it, none of my computers will need it when they're connected to the corporate network.  This is strictly to allow corporate-owned computers to connect to our network when they're out in the wild.



if you configure "internal host detection" in the globalprotect app config on the PA, the user icon will just change to a little house, no errors....


its under network/portals/agent/config/gateways


just choose an internal host and its relevant IP address... bingo.  we use it for our always on config.


please note that users will need to connect to the portal to get the new config.

pics belowinthostdet.pnggphome.png



we allow access to the portal from our LAN.

only so that users can get the latest config whilst connected to the LAN.


we have 4,500 users with "always on" and "internal host detection" and have had no issues... works well..... 


the internal host option will prevent them from connecting to any of your gateway(s). providing the internal host is available.


not sure why PA never gave the option to add 2 or 3 internal hosts for maintenance or similar...



@MickBall's suggestion is the best option.  We are doing the same thing with our domain laptops.  This functions fairly well (occasionally a rediscover network is required as users just sleep thier computers between office and home).



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!