This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Jonathan.Bennett
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Jonathan.Bennett
07-06-2022
5Posts
0Likes
0Solutions
Jul 06, 2022Last Visited
User
Activity
User
Profile
Latest posts by Jonathan.Bennett
| Subject | Views | Posted |
|---|---|---|
| 3613 | 10-15-2020 08:03 AM | |
| 2003 | 07-02-2018 12:56 PM | |
| 2206 | 07-02-2018 11:56 AM | |
| 2207 | 07-02-2018 11:54 AM | |
| 2257 | 07-02-2018 09:47 AM |
User Badges
Community Statistics
| Member Since | 03-24-2015 03:32 PM |
| Date Last Visited | 07-06-2022 10:34 PM |
| Posts | 5 |
10-15-2020
08:03 AM
You can also use Microsoft's tool, https://connectivity.office.com/ They have you download an .exe, run it, then it tells you if various MS services are running over the tunnel or split
... View more
07-02-2018
12:56 PM
I guess my ultimate wish would be to be able to get some sort of a error or message to the end user. Anything but a continual prompt for their creds. I have about 200 users on my portal, and I have about 15 that have multiple lock outs over the past 3 days.
... View more
07-02-2018
11:56 AM
@MickBall, Will LDAP give a return like that? When I opened a case with PA TAC they told me it wouldn't. We've only used Radius for RSA and Kerberos, so I have not tested LDAP. Using a secure cookie would reduce a login prompt. Not sure if my security team will go for it, but it's idea. Thank you.
... View more
07-02-2018
11:54 AM
@BPry, I don't know what MS recommendations are for AD, but our security team requires AD accounts to be manually unlocked. I agree with you about the pre-logon tunnel, but it's another 6-8 months out for me. I was hoping to find a band-aid until then. Thanks for your help.
... View more
07-02-2018
09:47 AM
We've had Global Protect in production for a while now, but it has just recently been brought to my attention that we are having a lot of users locking their accounts out. The GP client prompts them for their AD username / password. Maybe they fat-finger their password or whatever. The GP client never gives them any indication of any issue, other than just prompting for credentials again. I have users that are failing logins 30-40 times within a couple of hours. Of cource AD is locking their account out, but the end user has no idea. All they know is they are continueing to get prompted for creds. Has anyone ran into this situation? Any suggestions? Most clients are using 3.1.3 while some are using 4.0.6. I am using aloways on mode and the same Kerberos profile to authenticat to both the portal and the gateway. I'm pretty sure that having them plug in their password twice is over-kill and adding to the issue. My security team would need some other way to auth to mitigate. I want to use pre-logon tunnel and device certs, but we just aren't there yet. Any help or suggestions would be greatly appreciated! Thanks, Jonathan
... View more
- Tags:
- global protect
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-06-2022
10:34 PM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks