GlobalProtect Pre-logon

 

Pre-logon 


Pre-logon is a connect method that establishes a VPN tunnel before a user logs in. The purpose of pre-logon is to authenticate the endpoint (not the user) and enable domain scripts or other tasks to run as soon as the endpoint powers on. Machine certificates enable the endpoint to establish a VPN tunnel to the GlobalProtect gateway.

https://www.youtube.com/watch?v=k2Y2L8wiMdI



Portal configuration:




Policy:









The gateway-tunnel-latency event is a log message generated by the GlobalProtect agent. It reports the measured round-trip time (RTT) for a small test packet to travel from the user's endpoint (a laptop, for example) to the GlobalProtect gateway and back again.

In some portal configurations, latency can be a factor in dynamically directing users to the best-performing gateway.


The gateway-register event is the log entry that records the successful authentication and registration of a user's device with a GlobalProtect gateway. It marks the moment a secure VPN tunnel is officially established.


A gateway-register event failure is a critical log entry indicating that the user's device failed to complete the final step of establishing a secure VPN tunnel. The connection attempt reached the gateway, but something went wrong during the authentication, authorization, or configuration phase, preventing a successful tunnel setup.



The registration process involves several checks. A failure means one or more of these checks did not pass:

  1. Authentication: Verifying "Who are you?" (e.g., username/password, certificate).

  2. Authorization: Verifying "Are you allowed to connect?" (e.g., group membership, time-based access).

  3. Configuration: Assigning resources "What do you get?" (e.g., an IP address from a pool, specific security policies).

A gateway-register failure occurs when any of these steps fails.
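An added example (not from the original post or from Palo Alto Networks): a small triage over GlobalProtect log records that lists endpoints whose gateway-register failures were never followed by a success, keeping pre-logon (machine) sessions apart from user sessions. The records are constructed, and the field names, error strings and the `pre-logon` user name are assumptions to map onto your own log export.

```python
# Constructed sample records, not real firewall output. The keys and error
# strings are assumed; map them to the columns of your own log export.
def rec(time, eventid, status, srcuser, machinename, error=""):
    return dict(time=time, eventid=eventid, status=status,
                srcuser=srcuser, machinename=machinename, error=error)

SAMPLE_LOGS = [
    rec("2024-05-01T08:00:01", "gateway-register", "failure", "pre-logon", "LAPTOP-01", "machine certificate rejected"),
    rec("2024-05-01T08:00:31", "gateway-register", "failure", "pre-logon", "LAPTOP-01", "machine certificate rejected"),
    rec("2024-05-01T08:01:00", "gateway-register", "success", "pre-logon", "LAPTOP-02"),
    rec("2024-05-01T08:01:05", "gateway-tunnel-latency", "success", "pre-logon", "LAPTOP-02"),
    rec("2024-05-01T08:05:00", "gateway-register", "failure", "alice", "LAPTOP-02", "no IP address available"),
    rec("2024-05-01T08:05:40", "gateway-register", "success", "alice", "LAPTOP-02"),
    rec("2024-05-01T08:06:00", "gateway-register", "failure", "bob", "LAPTOP-03", "user not in allowed group"),
]

def unresolved_register_failures(records):
    """Return {(machine, user): info} for sessions whose most recent
    gateway-register events are failures with no later success."""
    streaks = {}
    for r in sorted(records, key=lambda r: r["time"]):  # ISO timestamps sort lexically
        if r["eventid"] != "gateway-register":
            continue  # latency and other events are not part of this check
        key = (r["machinename"], r["srcuser"])
        if r["status"] == "success":
            streaks.pop(key, None)  # a later success clears earlier failures
            continue
        s = streaks.setdefault(key, {"failures": 0, "first_seen": r["time"]})
        s["failures"] += 1
        s["last_error"] = r["error"]
        # Assumption: pre-logon tunnels are logged under the user "pre-logon".
        s["pre_logon"] = r["srcuser"] == "pre-logon"
    return streaks

if __name__ == "__main__":
    for (machine, user), s in unresolved_register_failures(SAMPLE_LOGS).items():
        kind = "pre-logon (machine)" if s["pre_logon"] else "user"
        print(f"{machine} [{kind}, {user}]: {s['failures']} failure(s) "
              f"since {s['first_seen']}, last error: {s['last_error']}")
```

A pre-logon entry in the output points at the endpoint itself (for example its machine certificate) rather than at a user account, because no user has logged in at that stage.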


