This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Always connect on logon

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Always connect on logon

Deas73
L1 Bithead

‎02-07-2023 12:30 PM

Hello,

 

we changed from Cisco AnyConnect to Globalprotect in the last few weeks. Basically everything works as expected, but one thing we miss. Globaprotect is configured to connect automatically when the user signs into Windows. But our users are allowed to disconnect their VPN. If they disconnect it and turn of, log off or reboot their PC, Globalprotect does not reconnect automatically after login. With AnyConnect this was working. We found a setting where we could set a auto reconnect after x hours, but that does not do the trick.

 

We also found the registry keys where Globalprotect stores the reconnect behaviour, but when we try to set them via logoff script or something like this, it does not work. Setting them manually by hand works, but this must be fool-proof for our users...

 

Is there a configuration setting we missed where we could achieve this? If not, is there a way to request such a behavior as feature request?

 

Thanks a lot for your help!

 

Brgds Deas

0 Likes Likes
15 REPLIES 15

Deas73
L1 Bithead

‎02-24-2023 07:49 AM

Sorry, but is this a dead community?!? Anybody must be able to say something about my question. At least somebody from PA...

 

Brgds Deas

0 Likes Likes

Raido_Rattameister
Cyber Elite
Cyber Elite

‎02-24-2023 09:03 AM - edited ‎02-24-2023 09:08 AM

Are you saying that if user disconnects GlobalProtect and reboots computer then GlobalProtect does not re-connect?

Is user disconnecting or disabling GlobalProtect?

Portal setting, App tab, "Disconnect Timeout (min)" setting don't work?

Also if you do any config changes then by default GlobalProtect app will check config updates every 24 hours.

You can choose "Refresh connection" in GlobalProtect App hamburger menu to force config update to test changes applied.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
0 Likes Likes

Deas73
L1 Bithead

‎02-26-2023 02:35 AM - edited ‎02-26-2023 02:41 AM

Yes, if a user disconnects GP VPN and reboots the PC, GP doest NOT re-connect automatically after login. The user is disconnecting and not disabling GP - our users are not able to disable GP. After the reboot the GP icon says not connected and nothing happens. Only if I connect once manual, connection is established again afer reboot.

 

And we also have Disconnect Timeout set to 120 minutes. But...

 

When I login to Windows and disconnect the first time, nothing is shown about the 120 minutes reconnect timer! Only when I connect and disconnect again, the 120 minutes timer is shown.

 

First disconnect:

Deas73_0-1677408046091.png

 

 

Second disconnect:

Deas73_0-1677407470979.png

 

Just try it yourself...

 

But what we really want is the following: disable the Disconnect Timeout and make GP reconnect on every reboot automatically. Is there a way to request this as a feature? Would be nice if anybody from PA could join here...

 

We use 6.0.5-30 at the moment.

 

Brgds Deas

0 Likes Likes

Deas73
L1 Bithead

‎04-04-2023 03:49 PM

Is this a dead community or what is this???? Is there nobody from PA who is willing to help? Unbelievable... 😞

 

To go on with the question: When GlobalProtect makes auto connect on reboot, those two registry keys are set to 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanGPS]
"disable-globalprotect"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings]
"disable-globalprotect"=dword:00000000

 

When I disconnect manually, they change to 1 and after a reboot nothing happens. Only when I reconnect once manually (which sets them back to 0) or set those two keys by hand to 0 again, auto re-connect is working again.

 

Brgds Deas

Riff98
L0 Member

‎06-26-2023 04:07 PM

We have ran into this same exact issue,  we are using always on,  but if user clicks disconnect and then reboots it stays in disconnected state.   Has anyone found a work around?  

0 Likes Likes

mwalkup69
L0 Member

‎06-26-2023 04:51 PM

Same issue. A manual connect is required after a reboot when an end user manually disconnects GlobalProtect - even if the app config is set to always-on. Seems silly to me that the default behavior is not to connect after a reboot when "always-on" is in use regardless of the disconnect setting in the app config.

0 Likes Likes

Deas73
L1 Bithead

‎06-30-2023 05:02 AM

Sorry - I was not able to find a solution for this so far and unfortunately nobody from PA is able or willing to say anything about this. As you said - always on means always connect for me, even if the end user does a manual disconnect.

 

@paloalto staff - hello? somebody here?

0 Likes Likes

dmertz
L1 Bithead

‎08-10-2023 03:53 PM

I am also troubleshooting this same issue. If I figure anything out I'll post it here but hopefully, someone has an answer in the meantime.

0 Likes Likes

Deas73
L1 Bithead

‎08-10-2023 10:31 PM

As written in my second post - I know the registry keys that control it, but there is no "official" way from PA to make always on really always on.

 

Is there really nobody from PA in this forum?!? I can´t believe it... 😞

0 Likes Likes

anazarta
L0 Member

‎09-08-2023 11:22 AM

Hi ,

 

The disconnect option is same as Disable in the previous version.

 

You could set a disable timeout for the Global protect under app settings. 

Disconnect the GP and shutdown the machine. If you boot the computer again after the timer ( Timeout mentioned in the previous setting), it will connect automatically.

 

Please note that this is a global settings for all the users connecting to this profile. So the setting will be applicable for all the users on the profile.

 

The option is Global protect < portal < agents < agent profile < app < "Disconnect Timeout (min)"

 

Here are some references.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VCOCA2

https://www.youtube.com/watch?v=2NngxjjwyQM

 

0 Likes Likes

dmertz
L1 Bithead

‎09-20-2023 10:41 AM

I've been working with Palo Alto support who has been working with the product team, and they said that this will be fixed in the upcoming Global Protect version (6.2.1).

0 Likes Likes

Deas73
L1 Bithead
In response to dmertz

‎09-29-2023 01:58 AM

Thanks for the info! Did they tell you anything when 6.2.1 should be GA?

0 Likes Likes

dmertz
L1 Bithead
In response to Deas73

‎09-29-2023 09:14 AM

I was told the release date would be in the second half of September. That's obviously not happening since it's 9/29 today, but I would assume it will be released soon.

0 Likes Likes

pukpebor
L0 Member
In response to dmertz

‎03-12-2024 11:00 AM

Hi @dmertz , do you mind sharing the bug number, Case number or Jira ID where support informed you of this.

0 Likes Likes
  • 5715 Views
  • 15 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks