Troubleshooting
Follow these steps to resolve the double authentication problem with the Palo Alto Networks VPN client. These steps require a change in both the Portal and the Gateway configuration.
From the Palo Alto web management site, go to Network → GlobalProtect → Portals and select the GlobalProtect Portal Configuration item associated with the endpoint that needs to be modified (e.g., pa-vpn-02).
Click on the name of the GlobalProtect item that you want to configure to open its configuration screen.
Go to the “Agent” section on the menu on the left. From the “Agents” table, click on the item you would like to configure (e.g., pa-vpn-client-02).
From the “Authentication” tab, configure the “Authentication Override” section as follows:
Check the checkboxes next to the following items:
- Generate cookie for authentication override
- Accept cookie for authentication override
Set the attributes to the following values as described:
- Cookie Lifetime: “Hours” and “24”
- Certificate to Encrypt: Select the certificate associated with the Palo Alto Networks Server (e.g., pa-vpn-server-02).
Click “OK” to save the settings.
Certificate example: The following screen shows a sample certificate for the Pa-vpn-server-02 location:
Sample Pa-vpn-server-02 certificate details:
Go to Network → GlobalProtect → Gateways. Select the GlobalProtect Gateway Configuration item associated with the endpoint that you would like to configure (e.g., pa-vpn-gateway-02), and click on it to open its configuration screen.
Go to the “Agent” section on the menu on the left. From the “Client Settings” tab, click on the item you would like to configure (e.g., pa-vpn-client-02). Then, select the “Authentication Override” tab.
From the “Authentication Override” tab, configure the following options:
Check the boxes next to the following items:
- Generate cookie for authentication override
- Accept cookie for authentication override
Set the attributes to the following values as described:
- Cookie Lifetime: “Hours” and “24”
- Certificate to Encrypt: Select the certificate associated with the Palo Alto Networks Server (e.g., pa-vpn-server-02).
Click “OK” to save the settings.
Back on the GlobalProtect Gateway Configuration screen, click on the “OK” button.
Commit all changes using the Palo Alto Networks management portal.