10-01-2024 02:07 PM
Is there any way to easily reset the system-user (before logon) GP settings to restore the initial state? Having an issue testing Connect Before Logon (VPN connection icon on the Windows login screen) where I am hung in a state where the VPN will not work with Enforce VPN set in the Portal config with certificate authentication on the Portal and SAML authentication on the Gateway. It is not even attempting to connect to the Gateway and appears to be having a certificate problem on the Portal.
I initially set up Connect Before Logon on a Portal/gateway and a couple test clients. The client could connect to the Portal without issue and would initially connect to the Gateway, but would never SAML auth (Gateway pre-login on the Palo Alto, no logs in the Entra SAML or return to the Gateway with SAML creds). After trying several FQDN bypasses in the Portal app config, I disabled Enforce VPN and everything worked exactly like it should... So definitely something blocked by Enforce VPN.
After re-enabling Enforce VPN, now the Connect Before Logon VPN will not connect to the Portal. Wireshark shows it connecting and then sending SSL alerts and closing the connection. It appears to either be rejecting the Portal certificate or failing to provide the client certificate for authentication. The login page shows:
The network is unreachable or the portal is unresponsive. Check the network and reconnect.
The PANGPS.log shows repeated attempts to connect to the Portal with the following error:
Failed to pre-login to the portal xxx.xxx.xxx with return value 0(0).
If I log into the client with a local user, then the VPN connects to the Portal and Gateway without issue.
If I disable Enforce VPN on the Portal I still cannot Connect Before Logon (seems that it can't connect enough to get the new config), but I can log in as a local user and establish the VPN. After rebooting, Connect Before Logon will then start connecting correctly, but as soon as I re-enable Enforce VPN it fails to connect to the Portal again.