The first time a GlobalProtect app connects to the portal,
the user is prompted to authenticate to the portal. If authentication
succeeds, the GlobalProtect portal sends the GlobalProtect configuration,
which includes the list of gateways to which the app can connect,
and optionally a client certificate for connecting to the gateways.
After successfully downloading and caching the configuration, the
app attempts to connect to one of the gateways specified in the
configuration. Because these components provide access to your network
resources and settings, they also require the end user to authenticate.
The appropriate security level required on the portal and gateways
varies with the sensitivity of the resources that the gateway protects.
GlobalProtect provides a flexible authentication framework that
allows you to choose the authentication profile and certificate
profile that are appropriate to each component.