Palo Alto GlobalProtect - Windows SSO Familiar with Windows credential providers? When using the default configuration of GlobalProtect, single-sign-on, or SSO, is enabled by default. This allows for the entering of a password into the GlobalProtect credential provider which will pass the authentication over to Windows. If your environment is leveraging password based authentication, this would likely simplify the VPN authentication process. If your environment does not leverage password based authentication and instead leverages an alternate authentication method (e.

There is a classic ‘Ford’ vs ‘Chevy’ debate when it comes to Panorama and the utilization of policy within ‘Pre’ or ‘Post’ rules. At a high level, policy assigned within Panorama to ‘Pre’ rules will take precendence over a local firewall’s policy, while policy assigned within Panorama to ‘Post’ rules will follow after the local firewall’s policy.

You may be familiar with the aft named ‘Enforcer Mode’ from GlobalProtect. This feature is enabled when you set the Enforce GlobalProtect Connection for Network Access to Yes. There are two additional fields which can optionally be enabled as well: