06-14-2024 11:01 AM
After upgrade to 6.3.0 i am unable to login to GP from 2 different portals and gateways.
on first attempt got the browser page and the Okta authentication successful.
then another login window popped up but blank and gray and client popup says connecting for the past 15 minutes.
With 6.1.4 the second window i had to perform a second login process and okta verification.
I was hoping the use of Edge woud not need the second window.
the Portals and gateways are on a pa5220 on two different vendors and interfaces.
disconnecting and reconnecting only duplicated the blank window.
06-25-2024 04:02 PM
I did open a support case for this issue along with issues with earlier releases 6.1.4 has dual logon and 6.1.5 has the blank screen the same as the 6.3.0 agents. the 6.3 was never resolved on its own but the 6.1.4 solution resoled both the 6.3 and th4 6.1.5 issues.
here is the solution from TAC for the dual logon issue which remove the second blank login screen.
Support solution!!!!!!!!!!!!!
I understand that you want to understand why a GlobalProtect user is prompted twice to put in credentials. Want to see how to bypass or avoid the second prompt.
In SAML having both options (Generate and accept cookies) enabled on portal and gateway may cause login errors due to the double SAML assertions.
Generate cookie on both Portal and Gateway, but accept it on Portal only
Use case: to avoid double authentication when gateway is using same authentication profile, but here gateway can “refresh” the cookie as well; this means that we can avoid re-authenticating to Portal when cookie expires.
When you have a chance can you please make this change on the gateway and run another test?
How to generate cookies on GlobalProtect Portal and use cookies for Gateway Authentication
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boODCAY
06-20-2024 05:49 AM
Hi @MannyCosta ,
GP 6.3.0 is a new release and still under monitoring status.
I'd recommend grabbing the GP debug files and open a support case for the behaviour you're seeing.
You can find the recommended releases on the release guidance page:
Kind regards,
-Kim.
06-25-2024 04:02 PM
I did open a support case for this issue along with issues with earlier releases 6.1.4 has dual logon and 6.1.5 has the blank screen the same as the 6.3.0 agents. the 6.3 was never resolved on its own but the 6.1.4 solution resoled both the 6.3 and th4 6.1.5 issues.
here is the solution from TAC for the dual logon issue which remove the second blank login screen.
Support solution!!!!!!!!!!!!!
I understand that you want to understand why a GlobalProtect user is prompted twice to put in credentials. Want to see how to bypass or avoid the second prompt.
In SAML having both options (Generate and accept cookies) enabled on portal and gateway may cause login errors due to the double SAML assertions.
Generate cookie on both Portal and Gateway, but accept it on Portal only
Use case: to avoid double authentication when gateway is using same authentication profile, but here gateway can “refresh” the cookie as well; this means that we can avoid re-authenticating to Portal when cookie expires.
When you have a chance can you please make this change on the gateway and run another test?
How to generate cookies on GlobalProtect Portal and use cookies for Gateway Authentication
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boODCAY
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
