Does the Agent or App Know What Credentials to Supply?
By default, the GlobalProtect agent attempts to use
the same login credentials for the gateway that it used for portal
login. In the simplest case, where the gateway and the portal use
the same authentication profile and/or certificate profile, the agent
will connect to the gateway transparently.
On a per-agent configuration basis, you can also customize which
GlobalProtect portal and gateways—internal, external, or manual
only—require different credentials (such as unique OTPs). This enables
the GlobalProtect portal or gateway to prompt for the unique OTP
without first prompting for the credentials specified in the authentication
There are two options for modifying the default agent authentication
behavior so that authentication is both stronger and faster: