Hello good afternoon, as always thank you very much for your time and collaboration.
I have a question, currently I have configured at the level of Global Protect, cookies in both Portal and Gateway.
The issue is that this was configured to keep the credentials and not have to be entering these manually, twice, ie for the portal and gateway.
To achieve this goal, how should I configure the cookies section?
Thank you, I remain attentive
Configure your Portal to generate a cookie, but do not accept cookies, for authentication override:
You will need a certificate on the PaloAlto with a private key to sign the cookie (either a self-generated or externally validated). You may also need to check Require Dynamic Passwords to force the GP client not to cache user/password and automatically log you in anyways.
Then configure your Gateway to accept cookies for authentication override, but do not generate cookies:
GlobalProtect->Gateways->[config]->Agent->Client Settings-<config]->Authentication Override
You may want to set a short cookie lifetime so if a user is disconnected from the Gateway, they must re-authenticate against the Portal (default is 24 hour cookie lifetime). If you have Portals and Gateways on separate PaloAltos, be sure to copy the certificate used to sign the cookie to the Gateway firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!