Executing logon script after user connects to GlobalProtect

Rolling out a new VPN configuration for my org. We use GlobalProtect VPN currently, but it was made clear to me that the org wants to have the laptops connect to the VPN prior to the user logging in using a certificate (prelogon) and then have the user connect to GlobalProtect after they sign in using SAML (Azure AD). I have put everything in place and configured the security rules and GlobalProtect settings according to what I found on Palo’s website. Everything is working fine except that the logon script that runs when the user logs into the laptop doesn’t kick off like it would if the user was connected locally to the internal network. I suspect that’s because it can’t reach the domain controllers when it’s transitioning from pre-logon state to user logon state. I read that the best way to do this is to use a post-vpn-connect script and plug in the batch script that should kick off to map the drives: Deploy Scripts Using the Windows Registry (paloaltonetworks.com). Is this the method I should use, or is there a better way to do this?

And what is the behaviour that you observe right now? Because I can’t understand the problem.

Yeah, we use the post login script via registry… Can’t believe Palo doesn’t offer a better solution, but here we are.

Do you have a pre-logon security policy to allow the pre-logon user to access Active Directory?