With the optional client certificate authentication,
the user presents a client certificate along with a connection request
to the GlobalProtect portal or gateway. The portal or gateway can
use either a shared or unique client certificate to validate that
the user or endpoint belongs to your organization.