- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-07-2023 12:30 PM
Hello,
we changed from Cisco AnyConnect to Globalprotect in the last few weeks. Basically everything works as expected, but one thing we miss. Globaprotect is configured to connect automatically when the user signs into Windows. But our users are allowed to disconnect their VPN. If they disconnect it and turn of, log off or reboot their PC, Globalprotect does not reconnect automatically after login. With AnyConnect this was working. We found a setting where we could set a auto reconnect after x hours, but that does not do the trick.
We also found the registry keys where Globalprotect stores the reconnect behaviour, but when we try to set them via logoff script or something like this, it does not work. Setting them manually by hand works, but this must be fool-proof for our users...
Is there a configuration setting we missed where we could achieve this? If not, is there a way to request such a behavior as feature request?
Thanks a lot for your help!
Brgds Deas
02-24-2023 09:03 AM - edited 02-24-2023 09:08 AM
Are you saying that if user disconnects GlobalProtect and reboots computer then GlobalProtect does not re-connect?
Is user disconnecting or disabling GlobalProtect?
Portal setting, App tab, "Disconnect Timeout (min)" setting don't work?
Also if you do any config changes then by default GlobalProtect app will check config updates every 24 hours.
You can choose "Refresh connection" in GlobalProtect App hamburger menu to force config update to test changes applied.
02-26-2023 02:35 AM - edited 02-26-2023 02:41 AM
Yes, if a user disconnects GP VPN and reboots the PC, GP doest NOT re-connect automatically after login. The user is disconnecting and not disabling GP - our users are not able to disable GP. After the reboot the GP icon says not connected and nothing happens. Only if I connect once manual, connection is established again afer reboot.
And we also have Disconnect Timeout set to 120 minutes. But...
When I login to Windows and disconnect the first time, nothing is shown about the 120 minutes reconnect timer! Only when I connect and disconnect again, the 120 minutes timer is shown.
First disconnect:
Second disconnect:
Just try it yourself...
But what we really want is the following: disable the Disconnect Timeout and make GP reconnect on every reboot automatically. Is there a way to request this as a feature? Would be nice if anybody from PA could join here...
We use 6.0.5-30 at the moment.
Brgds Deas
04-04-2023 03:49 PM
Is this a dead community or what is this???? Is there nobody from PA who is willing to help? Unbelievable... 😞
To go on with the question: When GlobalProtect makes auto connect on reboot, those two registry keys are set to 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanGPS]
"disable-globalprotect"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings]
"disable-globalprotect"=dword:00000000
When I disconnect manually, they change to 1 and after a reboot nothing happens. Only when I reconnect once manually (which sets them back to 0) or set those two keys by hand to 0 again, auto re-connect is working again.
Brgds Deas
06-26-2023 04:51 PM
Same issue. A manual connect is required after a reboot when an end user manually disconnects GlobalProtect - even if the app config is set to always-on. Seems silly to me that the default behavior is not to connect after a reboot when "always-on" is in use regardless of the disconnect setting in the app config.
06-30-2023 05:02 AM
Sorry - I was not able to find a solution for this so far and unfortunately nobody from PA is able or willing to say anything about this. As you said - always on means always connect for me, even if the end user does a manual disconnect.
@D.Nevens staff - hello? somebody here?
08-10-2023 10:31 PM
As written in my second post - I know the registry keys that control it, but there is no "official" way from PA to make always on really always on.
Is there really nobody from PA in this forum?!? I can´t believe it... 😞
09-08-2023 11:22 AM
Hi ,
The disconnect option is same as Disable in the previous version.
You could set a disable timeout for the Global protect under app settings.
Disconnect the GP and shutdown the machine. If you boot the computer again after the timer ( Timeout mentioned in the previous setting), it will connect automatically.
Please note that this is a global settings for all the users connecting to this profile. So the setting will be applicable for all the users on the profile.
The option is Global protect < portal < agents < agent profile < app < "Disconnect Timeout (min)"
Here are some references.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VCOCA2
https://www.youtube.com/watch?v=2NngxjjwyQM
09-29-2023 01:58 AM
Thanks for the info! Did they tell you anything when 6.2.1 should be GA?
09-29-2023 09:14 AM
I was told the release date would be in the second half of September. That's obviously not happening since it's 9/29 today, but I would assume it will be released soon.
03-12-2024 11:00 AM
Hi @dmertz , do you mind sharing the bug number, Case number or Jira ID where support informed you of this.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!