Something about Global Protect agent seems off

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Something about Global Protect agent seems off

L2 Linker

It looks like Global Protect is a hot issue and specifically in combination with prelogon functionality.

We're also having a situation that appears to difficult to explain.

 

The idea is:

When handing out devices with global protect preinstalled and preconfigured in the windows registry.

A receiving user who has never logged into that device should be able to do so with the help of global protect prelogon (creating a device tunnel before any user tries to log in to windows).

 

From then on, the device should always try to setup a device tunnel when it is turned on. But it should use the device certificate to do so.

 

For some unknown reason, with some of our users (yes not all !?!) at a certain moment something happens (yes very vague so far).

The device will start trying to create a tunnel with seemingly user authentication (because 2FA request is triggered), before any user actually logs in to Windows.

So, for some reason the agent is no longer trying to create a device tunnel with the device certificate. It is all of sudden trying to create a (prelogon) tunnel with user creds.

Since the 2FA request is triggered, I assume that the username and password have been succesfully provided by saved credentials. Because the cookie lifetimes are configured so, they are no longer valid the next morning.

 

 

0 REPLIES 0
  • 1735 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!