Cloud Management

Contact the Palo Alto Networks support to activate this functionality.
Configure a mobile user and the authentication method for it.
Enable multiple portals for the same gateway.
Select
Settings
Prisma Access
Setup
GlobalProtect
Infrastructure
.
If you're using Strata Cloud Manager, select
Workflows
Prisma Access
Setup
GlobalProtect
GlobalProtect Setup
Infrastructure
.
Edit the
Infrastructure Settings
.
Enable Multiple Portal for Multiple Authentication Methods
.

The new portal appears for the 8443 port for the same tenant. This portal inherits the configuration settings from the original port, which is port 443.
Edit the portal configurations to update the authentication settings.

You can edit only the portal's
Authentication Settings
and
Certificate Profile
authentication settings.
If you use certificate-based authentication in both portals, ensure that both portals use the same client certificate profile for authentication.
This feature enables the authentication override settings to generate cookie for both portals in the GlobalProtect app settings.

This feature enables the authentication override settings to generate and accept cookie for both portals in the tunnel settings.

Save all your changes and
Push
the configuration changes to
Prisma Access
.
Add the portals manually or using endpoint management software in the GlobalProtect app.
Verify if you can connect to both portals with different authentication profiles for the gateway.
Log in to your Windows machine.
Connect to the portals in your GlobalProtect app.
When you change the connection between portals of different authentication methods, authenticate the user login.

If the authentication cookie expires when you connect to the 8443 portal and switch to the manual gateway, GlobalProtect connects to the
Best Available Gateway
.
If your GlobalProtect app uses cached portal configurations, fallback to portal does not work.