I'm having problems getting pre-logon to work on MacOS. There are a number of issues. - To start with, I can't seem to get the GlobalProtect icon from the login screen after several tries. - Then, even when I log in to the device and try to connect to GlobalProtect, I get prompted for keychain access so that GlobalProtect can access the machine certificate. I've seen the document that explains how to give GlobalProtect access to keychain so that I don't get this prompt. Even after making those changes, GlobalProtect doesn't attempt to connect from the login screen. It only attempts to connect when I've logged in to the device. - Another thing I've noticed is, when I look at the GlobalProtect logs for the Mac, I actually see the 'Auth Method' as 'Certificate'. BUT, the source user is the device name (which is defined in the certificate) rather than the 'pre-logon' user which I would expect for pre-logon, before the actual source user. - GlobalProtect version is 5.2.10. Mac OS version is Monterey 12.4 Config settings used: GlobalProtect Portal - GlobalProtect portal > Authentication - Allow authentication with user credentials or client certificate: Yes - Certificate profile: None - GlobalProtect portal > Agent Config 1 - Save User credentials: Yes - Generate cookie for authentication override: Yes - Allow cookie for authentication override: Yes - User: pre-logon - Connect method: Pre-logon (Always-On) Config 2 - Save User credentials: Yes - Generate cookie for authentication override: Yes - Allow cookie for authentication override: Yes - User: any - Connect method: Pre-logon (Always-On) GlobalProtect Gateway - GlobalProtect gateway > Authentication - Allow authentication with user credentials or client certificate: Yes - Certificate profile: <root certificate> Any ideas on what I'm missing?
... View more