About mbehlok

Release notes for GP 1.1.2 seem to address the saved password and reconnect after hibernation issues. Have not tested yet, but will tomorrow, just wanted to put this out there.. From Release Notes: • 35430 – When the GlobalProtect portal "Agent" settings "User can save password" and "Use single sign-on" are both disabled, the GlobalProtect client is still caching the login credentials and the "remember me" option is available on the client. • 35234 – GlobalProtect is not re-establishing a VPN connection after the host computer comes out of hibernate or sleep mode ... View more

Did you import the CA and the client cert to your browser? I had that issue as well but importing "Installing" the CA and client certs to my browser fixed that issue. Hope that helps. ... View more

Thanks all.  I will submit the request to my SE. I deal with alot of customers that have many branches, sometimes in the hundreds.  Some of them having to have a DHCP internet conenction with the provider configuring a DHCP reservation so that the customer always receives the same IP address for VPN connectivity. Having this as a feature I believe will be very helpful is some of these unique situations. In my case, its not as big of a deal as is it only my lab at home affected and easily fixed. ... View more

jdelio, Ok, answer me this.  Why can I change the physical MAC address on almost any other firewall / router?  Even on a $30 Linksys router, I have the ability to change the MAC address of the External Interface. Heres a snippet of the config from my old Juniper SRX Firewall where I WAS able to change the MAC when replacing the firewall for another for testing. fe-0/0/7 { enable; mac b0:c6:9a:39:ba:00; unit 0 { family inet { mtu 1500; dhcp; By doing this, I was able to maintain the same IP Address even though I changed the physical firewall because I was able to spoof the MAC address of the old router. I mean this has been available on other router / firewall for many years.  Just does not make any sense that this would have to be a feature request on a much more powerful, feature rich next gen firewall. I highly doubt this is a hardware limitation. i will have my SE send in the feature request to see what can be done, if anything. ... View more

Thanks for the reply, I appreciate it. I come from the Juniper world.  On the SRX, if you are using DHCP on the WAN conenction, you basically specify the Destination-Address as 0.0.0.0/0 and it will use whatever ip address is assigned to teh WAN interface via DHCP. Heres a snippet of my original Juniper SRX config (Which has been replaced by the PA-500) Example of Destination NAT rule: rule-set Incoming {      from zone untrust;           rule RDP_3389 {                match {                     destination-address 0.0.0.0/0;                     destination-port 3389; Example of Security policy to allow RDP traffic in: policy rdp-in-vmutils01 {      match {           source-address any;           destination-address vmutils01;      application RDP3389; }           then {                allow;                log {                     session-init;                     session-close; In this scenario, even if the wan ip changes, all destination NATs will still function provided I have Dynamic DNS configured correctly on my end. Thanks again.  Is there any way to add that as a feature request?  and if so, whats the procedure? ... View more