With the optional client certificate authentication,
the user presents a client certificate along with a connection request
to the GlobalProtect portal or gateway. The portal or gateway can use
either a shared or unique client certificate to validate that the
user or endpoint belongs to your organization.