The first time a GlobalProtect client connects to the
portal, the user is prompted to authenticate to the portal. If authentication
succeeds, the GlobalProtect portal sends the GlobalProtect configuration,
which includes the list of gateways to which the agent can connect,
and optionally a client certificate for connecting to the gateways.
After successfully downloading and caching the configuration, the
client attempts to connect to one of the gateways specified in the
configuration. Because these components provide access to your network
resources and settings, they also require the end user to authenticate.
The appropriate level of security required on the portal and
gateways varies with the sensitivity of the resources that the gateway protects.
GlobalProtect provides a flexible authentication framework that
allows you to choose the authentication profile and certificate profile
that are appropriate to each component.