GlobalProtect App: Portal Connection/Cache Expected Behavior

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect App: Portal Connection/Cache Expected Behavior

L3 Networker

Hello everyone,

 

I have questions about the expected behavior of GlobalProtect.

Is it correct to assume that the GlobalProtect App will operate as follows depending on whether the Portal can be connected and whether there is a cache?

(I would appreciate an early response)

 

1. If the Portal can be connected when the client is started and logged in, if there is a cache, the Config will not be obtained from the Portal and a tunnel connection with the Gateway will be made.

 

2. If the Portal can be connected when the client is booted and logged in, if there is no cache, the Portal will be connected to, the Config will be re-obtained, and a tunnel connection with the Gateway will be made.

 

3. If the Portal cannot be connected when the client is booted and logged in, if there is a cache, the cached information will be used to tunnel connection with the Gateway.

 

4. If the Portal cannot be connected when the client is booted and logged in, if there is no cache, the Portal will not be accessed again and an error will be generated.

2 REPLIES 2

Community Team Member

Hi @Y.Tsushima ,

 

GlobalProtect uses cached portal config in 3 scenarios:

  •  Portal is not reachable
  •  Portal's server certificate cannot be verified
  • "Pre-Logon Tunnel Rename Timeout (sec) (Windows Only)" GlobalProtect Portal Agent's App's setting is set to 0

Under normal circumstances, the Portal connection will be attempted, once connected  the Config will be obtained, and a tunnel connection with the Gateway will be made.

If you are having trouble with connectivity and you have successfully logged in previously, the client will use the cached configuration to connect to the last known Gateway. If you have never logged in and cannot connect, the client will be unable to proceed with a Gateway connection and receive an error.

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

L3 Networker

Hello @JayGolf 

 

Thank you for your response.

 

> If you have never logged in and cannot connect, the client will be unable to proceed with a Gateway connection and receive an error.

 

I understand that if the portal connection is not possible during client boot and login, if there is no cache (no successful login history), the client will receive an error without retrying to access the portal.

*If I have misunderstood something, I would appreciate it if you could point it out.

 

One more thing to confirm.

Is my understanding of the following correct?

- If a portal connection is possible when the client starts up or logs in, the cache is not used, but the config is obtained from the portal and a tunnel connection is made to the Gateway.

  • 292 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!