- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-13-2020 11:14 AM
Hi All,
As per this article (https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-quick-configs/...) if I set my portal to User Logon (Always-On), my internal gateway will try to connect, but my external will not (it will have to be done manually). This is what I want...however...
I have tested this on my iPhone and the internal gateway autoconnects as it should. However, when I'm not on the internal network, my iPhone constantly tries to connect (not sure if it's trying to connect to the internal/external gateway, but the connection constantly fails). This should not be happening as per the article. I only have one internal gateway and one external gateway. How do I stop GP from trying to autoconnect when not on the internal network?
09-13-2020 11:33 AM
I have checked my logs and it seems to constantly try to connect with the below errors. Also in IOS, if you go into settings, you can see the VPN constantly trying to connect. This breaks apps - for example, Youtube does not play videos. You have to go into IOS -> General ->VPN and disable the Connect On Demand setting and then the constant connecting stops and videos play again.
09/13/2020 20:00:49.950 [Info ]: Network discovery started.
09/13/2020 20:00:50.179 [Error]: Please select a gateway to connect manually.
09/13/2020 20:00:51.225 [Info ]: GlobalProtect service started (client version: 5.2.3-3, OS version: Apple iOS 13.4.1).
09/13/2020 20:00:51.384 [Info ]: Portal login completed with address xxyy.ddns.net and conect method of user-logon.
09/13/2020 20:00:51.387 [Info ]: Network discovery started.
09/13/2020 20:00:51.616 [Error]: Please select a gateway to connect manually.
09/13/2020 20:00:52.541 [Info ]: GlobalProtect service started (client version: 5.2.3-3, OS version: Apple iOS 13.4.1).
09/13/2020 20:00:52.695 [Info ]: Portal login completed with address xxyy.ddns.net and conect method of user-logon.
09/13/2020 20:00:52.699 [Info ]: Network discovery started.
09/13/2020 20:00:52.918 [Error]: Please select a gateway to connect manually.
09/13/2020 20:00:54.148 [Info ]: GlobalProtect service started (client version: 5.2.3-3, OS version: Apple iOS 13.4.1).
09/13/2020 20:00:54.299 [Info ]: Portal login completed with address xxyy.ddns.net and conect method of user-logon.
09/13/2020 20:00:54.303 [Info ]: Network discovery started.
09-14-2020 07:10 AM
Hi,
by default with User-Logon (Always) GP will automatically connect to gateway.
I see only one work around to accomplish what you want since you have only one Portal:
- on Portal do not Save login Info "save user Credentials, so the user will have to enter login data if he wants to login.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!