This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Global Protect Cookies Portal Gateway

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Global Protect Cookies Portal Gateway

Metgatz
L4 Transporter

‎10-12-2022 02:59 PM

Hello good afternoon, as always thank you very much for your time and collaboration.

 

I have a question, currently I have configured at the level of Global Protect, cookies in both Portal and Gateway.

 

The issue is that this was configured to keep the credentials and not have to be entering these manually, twice, ie for the portal and gateway.

 

-Now I would like to be able to use cookies but only to ask for the credentials in one instance, not in two, i.e. ask for them for the Portal, but for the Gateway simply use the authentication already done in the Portal.

 

To achieve this goal, how should I configure the cookies section?

 

Thank you, I remain attentive

 

Best regards

High Sticker
0 Likes Likes
1 REPLY 1

Adrian_Jensen
L6 Presenter

‎10-12-2022 05:44 PM

Configure your Portal to generate a cookie, but do not accept cookies, for authentication override:

    GlobalProtect->Portals->[config]->Agent->[config]->Authentication

2022-10-12_173045.png

You will need a certificate on the PaloAlto with a private key to sign the cookie (either a self-generated or externally validated). You may also need to check Require Dynamic Passwords to force the GP client not to cache user/password and automatically log you in anyways.

 

Then configure your Gateway to accept cookies for authentication override, but do not generate cookies:

    GlobalProtect->Gateways->[config]->Agent->Client Settings-<config]->Authentication Override

2022-10-12_173700.png

You may want to set a short cookie lifetime so if a user is disconnected from the Gateway, they must re-authenticate against the Portal (default is 24 hour cookie lifetime). If you have Portals and Gateways on separate PaloAltos, be sure to copy the certificate used to sign the cookie to the Gateway firewall.

 

 

0 Likes Likes
  • 1769 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks