06-01-2026 10:55 PM
The clients that connect to our PanOS 11.1 GP gateway are Windows 11 corporate domain members. Currently, GP rarely prompts for a user auth. I gather it uses SAML from the users Windows login.
Our gateway has generate and accept cookie for authentication override set to yes. If i was to disable these, what would the effect be?
06-03-2026 02:33 PM - edited 06-03-2026 02:34 PM
without the cookies the users will need to authenticate every time they make a connection. depending on the SAML conditional access, the authentication may remain valid for an amount of time, or they will need to re-authenticate for _every_ connection (hopping to a new wifi SSID may already be enough to trigger a re-auth with a very strict conditional access)
if both portal and gateway are set to not use cookies, users will also need to authenticate twice, once for the portal and once for the gateway
06-03-2026 02:33 PM - edited 06-03-2026 02:34 PM
without the cookies the users will need to authenticate every time they make a connection. depending on the SAML conditional access, the authentication may remain valid for an amount of time, or they will need to re-authenticate for _every_ connection (hopping to a new wifi SSID may already be enough to trigger a re-auth with a very strict conditional access)
if both portal and gateway are set to not use cookies, users will also need to authenticate twice, once for the portal and once for the gateway
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
