GlobalProtect VPN settings

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect VPN settings

L3 Networker

Hello

 

I discover GP so I'm sorry, in advance, if my questions are stupide.

 

Q1 : How I can force my users to enter their credentials (OnPrem AD or Azure AD depending the auth profile configured) when they start GP protect ? I don't want to use SSO and I want that my user enter their credential each time that they want to start the VPN connexion.

 

Q2 : Is-it possible to configure the GP client with the Gateway server by default (without the possibilty to remove it by user or to add another one) ? The objective is when I deploy the client on the computer via SCCM or when user open a session on the portal to download the vpn client, the client is already "pre-configured" with our settings and user does not have to enter gateway information, just click "connect".... 🙂

 

BR 

 

 

6 REPLIES 6

L3 Networker

Hello

 

No update?

 

BR

Cyber Elite
Cyber Elite

Hi @jeromecarrier ,

 

1.  If you change Save User Credentials to No under Network > GlobalProtect > Portals > [edit] > Agent > Configs > [edit] > Authentication, the user will have to enter their username and password every time.

2.  If you set "Allow User to Change Portal Address" to No under App in the same agent client config, then the user will not be able to change the portal address.  Note that this document -> https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/globalprotect/network-globalp... says that you "must supply the default portal address in the Windows registry or Mac plist".

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

Hello

I have not found the option to force to enter user credentials each time in  Network > GlobalProtect > Portals > [edit] > Agent > Configs > [edit] > Authentication... 😞

Cyber Elite
Cyber Elite

Hi @jeromecarrier ,

 

As mentioned above, change "Save User Credentials" to No.  Please see the pic below.

 

TomYoung_0-1669135615823.png

 

You may also want to verify that "Use Single Sign-On" is disabled for Windows and MacOS under the App tab.

 

TomYoung_2-1669135844657.png

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

Hello

 

These settings are already configured on my environment.

jeromecarrier_0-1669200323619.png

jeromecarrier_1-1669200397393.png

when I have a session open on my laptop with my domain account and my laptop connected on public wifi, when I start the GP program, the connexion is established without to be requested to enter my credentials on GP vpn client. For security reason, we want to force user to enter their credential each time that they want to connect the VPN on the network...

 

An idea? 

 

BR

Jerome

 

 

Cyber Elite
Cyber Elite

Hi @jeromecarrier ,

 

That is indeed a mystery.  In my environment, I have "Save User Credentials" set to No, and I am always prompted for credentials.  Maybe an uninstall/reinstall of the GP client may help.  You may need to open a TAC case.

 

I would like to know the resolution.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
  • 2389 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!