Deploy Shared Client Certificates for Authentication
To confirm that an endpoint user belongs to your organization, you can use the same client certificate for all endpoints or generate separate certificates to deploy with a particular agent configuration. Use this workflow to issue self-signed client certificates and deploy them from the portal.
- Generate a certificate to deploy to multiple GlobalProtect
- Create the root CA certificate for issuing self-signed certificates for the GlobalProtect components.
- Select DeviceCertificate ManagementCertificatesDevice Certificates, and then Generate a new certificate.
- Set the Certificate Type to Local (default).
- Enter a Certificate Name. This name cannot contain spaces.
- Enter a Common Name to identify this certificate as an app certificate (for example, GP_Windows_App). Because this certificate will be deployed to all apps using the same agent configuration, it does not need to uniquely identify a specific user or endpoint.
- In the Signed By field, select your root CA.
- Select an OCSP Responder to verify the revocation status of certificates.
- Click OK to generate the certificate.
Up Two-Factor Authentication.Configure authentication settings in a GlobalProtect portal agent configuration to enable the portal to transparently deploy the client certificate, which is Local to the firewall, to apps that receive the configuration.
Deploy Machine Certificates for Authentication
Deploy Machine Certificates for Authentication To confirm that the endpoint belongs to your organization, use your own public-key infrastructure (PKI) to issue and distribute machine ...
GlobalProtect Certificate Best Practices
GlobalProtect Certificate Best Practices The following table summarizes the SSL/TLS certificates you will need, depending on which features you plan to use: Certificate Usage Issuing ...
Deploy Server Certificates to the GlobalProtect Components
Deploy Server Certificates to the GlobalProtect Components The following table shows the best practice steps for deploying SSL/TLS certificates to the GlobalProtect components: Import a ...
About Certificate Deployment
About Certificate Deployment There are two basic approaches to deploying certificates for GlobalProtect LSVPN: Enterprise Certificate Authority —If you already have your own enterprise certificate ...
Remote Access VPN with Pre-Logon
Remote Access VPN with Pre-Logon Pre-logon is a connect method that establishes a VPN tunnel before a user logs in. The purpose of pre-logon is ...
Deploy User-Specific Client Certificates for Authentication
Deploy User-Specific Client Certificates for Authentication To authenticate individual users, you must issue a unique client certificate to each GlobalProtect user and deploy the client ...
About GlobalProtect Certificate Deployment
About GlobalProtect Certificate Deployment There are three basic approaches to Deploy Server Certificates to the GlobalProtect Components : ( Recommended ) Combination of third-party certificates ...
Remote Access VPN (Certificate Profile)
Remote Access VPN (Certificate Profile) With certificate authentication, the user must present a valid client certificate that identifies them to the GlobalProtect portal or gateway. ...
Generate a Certificate
Generate a Certificate Palo Alto Networks firewalls and Panorama use certificates to authenticate clients, servers, users, and devices in several applications, including SSL/TLS decryption, Captive ...