05-30-2023 06:54 AM
Hi looking to get some feedback.
Currently we have on-demand global protect VPN connection (user inisitates the VPN connection, puts username/password). They have full access to internet via laptop (w.o any traffic inspection) if there is no VPN tunnel and they are off-prem. Our company wants to move away from that and force auto VPN connection when they connect off-prem so traffic can be inspected via VPN tunnel.. I have been researching and configuring always on VPN (user-log on (not prelog)) with internal host detection, windows sso -yes, but running into few some issue.
When laptop is on-prem and I start/reboot laptop (log in with windows creds). The global protect doesnt to initiate/sart tunnel connection. User still has to still the connect option, only then the internal host detection kick in and detects that its on-prem/internal network.
2nd issue is, windows SSO are not being passed automatically either even though i have windows SSO set to Yes.
We want to limit user interaction when they are connect to company network, need to global protect to detect internal network w.o any user interaction/clicking connect...
05-30-2023 10:53 AM
When you reboot laptop on prem it will still use on demand until it connects and picks up the new always on config….
if it does this all the time then perhaps it does not meet the criteria for such config.
Do you have one user config for all users or does it depend on user ID etc….
perhaps look into monitor/GlobalProtect to see if you are collecting the correct portal config.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
