This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About MaximeMertens
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About MaximeMertens
03-23-2023
7Posts
0Likes
1Solution
Mar 23, 2023Last Visited
User
Activity
User
Profile
Latest posts by MaximeMertens
| Subject | Views | Posted |
|---|---|---|
| 112 | 02-14-2023 07:28 PM | |
| 590 | 01-30-2023 09:07 PM | |
| 184 | 01-29-2023 11:45 PM | |
| 208 | 01-26-2023 08:43 PM | |
| 545 | 01-26-2023 08:22 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 8 Likes |
User Badges
Community Statistics
| Member Since | 05-24-2020 05:35 AM |
| Date Last Visited | 03-23-2023 07:04 AM |
| Posts | 7 |
02-14-2023
07:28 PM
GP version 5.2.12 is the same behavior. Will retest after upgrade PANOS to 9.1.15-h1
... View more
01-30-2023
09:07 PM
So,
We redid a battery of test today and found a work around. 1- When the portal and gateway are set to generate and accept cookie, the double prompt is happening.
Happening as well if Portal is set to generate and Gateway to accept.
2- When the portal is set to only accept and the gateway to generate and accept. Two prompt prompt the first time, then after the cookie is generated by the gateway, it can be used by the portal for the authentication.
The client is not able to read the cookie generated by the portal. It's been generated, can see it in the folder C:\Users\%USERNAME%\AppData\Local\Palo Alto Networks\GlobalProtect but it can't be read.
(P5076-T10004)Debug(9092): 01/31/23 14:36:11:444 ----Portal Login starts---- (P5076-T10004)Debug(2284): 01/31/23 14:36:11:444 Failed to open file C:\Users\USER\AppData\Local\Palo Alto Networks\GlobalProtect\PanPUAC_xxxxxxxxxxxxxxxxxxxx.dat
This is a know bug by Palo and expected to be fixed in 10.2.4
I still have to try with GP client version 5.2.12 with Portal generating the cookie and the Gateway accepting it.
Work around for now is to set the lifetime of the cookie to a few days or a year (max value). In this case users will only have the two prompts for account selection the first time they connect or until the cookie is no longer valid. Thank you all for your help.
Edit: We did remove the AD group from Portal, Gateway and Auth profile to no avail. It was the work around that Palo provided but didn't work in our case.
... View more
01-29-2023
11:45 PM
Hello,
For the new version, It'll be installed tomorrow, user doesn't have admin right.
We tested the cookie generation and accept on the gateway to no avail. Still see both SAML on the auth method. @JoergSchuetter , the FQND is used on the SAML config on Azure. That FQDN is resolving to the IP of the Portal and Gateway.
On the PAN GPS log, I see this entry in the ----Gateway Pre-login starts---- part:
(P5076-T16812)Debug(2284): 01/30/23 16:29:13:678 Failed to open file C:\Users\XXX\AppData\Local\Palo Alto Networks\GlobalProtect\PanPUAC_xxxxxxxxxxx.dat
That file is PanPUAC.dat file is the Portal authentication cookie, we checked the access right of the folder and it looks ok. The user has full control to the folder. Kind regards, Maxime
... View more
01-26-2023
08:43 PM
Let me try that, I'll update the topic with result
... View more
01-26-2023
08:22 PM
Hello Raido,
Thanks for your answer. Both Portal and Gateway shows "SAML" for auth method, so I assume the cookie is not used for the gateway authentication.
Portal and GW have the same Client authentication with the same authentication profile.
I did try to remove the Client authentication on the Gateway but then the user was not able to connect at all.
Kind regards,
Max
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-23-2023
07:04 AM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks