Workforce Docs
SDKWorkforceEnd User GuideSupport
Searchโ€ฆ
๐Ÿ‘‹
Welcome
๐Ÿ”‘
Why Go Passwordless?
๐Ÿ“ข
Internal Communication
๐ŸŽง
Helpdesk Onboarding
Identity and Access Mgmnt
Okta
AWS Cognito
ForgeRock
Auth0
OneLogin
Ping Identity
Microsoft ADFS
Salesforce
Extensions
RADIUS
Workstation
Windows Login
RDP Access
VDI Access
VPN
Fortinet FortiClient
Palo Alto Networks GlobalProtect
Troubleshooting
OpenVPN
Check Point VPN
Powered By GitBook
Troubleshooting

Configure Palo Alto Networks GlobalProtect to Address the Double-authentication Problem

Please follow these steps to remove the double authentication problem of the Palo Alto Networks VPN client. These steps require a change in the Portal and in the Gateway configuration.

Step 1 - Configure the Portal

From Palo Alto Web Management Site, go to Network โ†’ GlobalProtect โ†’ Portals and select the GlobalProtect Portal Configuration item associated with the endpoint that needs to be modified (e.g.,. pa-vpn-02).
Click on the name of the GlobalProtect item that you want to configure. The following screen will appear:
Go to the โ€œAgentโ€ section on the menu on the left. From the โ€œAgentsโ€ table, click on the item you would like to configure (e.g., pa-vpn-client-02).
The following screen will appear:
From the โ€œAuthenticationโ€ tab, configure the โ€œAuthentication Overrideโ€ section as follows:
Check the checkboxes next to the following items:
  • Generate cookie for authentication override
  • Accept cookie for authentication override
Set the attributes to following values as described:
  • Cookie Lifetime: โ€œHoursโ€ and โ€œ24โ€
  • Certificate to Encrypt: Select the certificate associated with the Palo Alto Networks Server (e.g., pa-vpn-server-02).
Click โ€œOKโ€ to save the settings.
Certificate example: The following screen shows a sample certificate for the Pa-vpn-server-02 location:
Sample Pa-vpn-server-02 certificate details:

Step 2 - Configure the Gateway

Go to Network โ†’ GlobalProtect โ†’ Gateways. Select the GlobalProtect Gateway Configuration item associated to the endpoint that you would like to configure (e.g., pa-vpn-gateway-02), and click on it:
The following screen will appear:
Go to the โ€œAgentโ€ section on the menu on the left. From the โ€œClient Settingsโ€ tab, click on the item you would like to configure (e.g., pa-vpn-client-02). Then, select the โ€œAuthentication Overrideโ€ tab:
From the โ€œAuthentication Overrideโ€ tab, configure the following options:
Check the boxes next to the following items:
  • Generate cookie for authentication override
  • Accept cookie for authentication override
Set the attributes to the following values as described:
  • Cookie Lifetime: โ€œHoursโ€ and โ€œ24โ€
  • Certificate to Encrypt: Select the certificate associated with the Palo Alto Networks Server (e.g., pa-vpn-server-02)
Click โ€œOKโ€ to save the settings.
Back on the GlobalProtect Gateway Configuration screen, click on the โ€œOKโ€ button.

Step 3

Commit all changes using the Palo Alto Networks management portal.
VPN - Previous
Palo Alto Networks GlobalProtect
Next - VPN
OpenVPN
Last modified 1yr ago
Export as PDF
Copy link
Outline
Configure Palo Alto Networks GlobalProtect to Address the Double-authentication Problem
Step 1 - Configure the Portal
Step 2 - Configure the Gateway
Step 3