diff --git a/src/vpn_manager_globalprotect/backend.py b/src/vpn_manager_globalprotect/backend.py
index d9b5e3c..726ba3f 100644
--- a/src/vpn_manager_globalprotect/backend.py
+++ b/src/vpn_manager_globalprotect/backend.py
@@ -101,7 +101,7 @@ class GlobalProtectConnection(
         if not verify:
             # Disabling certificate verification is extremely dangerous and should only be done if you KNOW WHAT YOU ARE DOING
             self.logger.warn("Certificate verification disabled! This is dangerous!")
-        if options.get("login_target").value == LoginTarget.GATEWAY:
+        if options.get("login_target").value in {LoginTarget.GATEWAY, LoginTarget.SSL}:
             url = f"{options.get('hostname').value}/ssl-vpn/prelogin.esp"
         else:
             url = f"{options.get('hostname').value}/global-protect/prelogin.esp"
@@ -248,7 +248,7 @@ class GlobalProtectConnection(
             "--protocol=gp",
             f"--user={auth.value.get('saml-username')}",
             "--useragent=PAN GlobalProtect",
-            f"--usergroup={options.get('login_target', Variant('s', LoginTarget.PORTAL)).value == LoginTarget.PORTAL and 'portal' or 'gateway'}:prelogin-cookie",
+            f"--usergroup={options.get('login_target', Variant('s', LoginTarget.PORTAL)).value in {LoginTarget.PORTAL, LoginTarget.IPSEC} and 'portal' or 'gateway'}:prelogin-cookie",
             "--passwd-on-stdin",
             options.get("hostname").value,
             "-b",
@@ -421,6 +421,7 @@ class GlobalProtectConnection(
                     LoginTarget.SSL,
                     LoginTarget.IPSEC,
                 ],
+                default=LoginTarget.IPSEC,
             ),
             ConfigSpec(
                 name="spoof_clientos",