End-of-Life (EoL)
You can now easily and transparently install the trusted root certificate authority (CA) certificates that are required for SSL Forward Proxy decryption by enabling a new option in a GlobalProtect portal agent configuration for each certificate.
This enables the GlobalProtect portal to automatically distribute the certificate and install it in the certificate store on Windows and Mac endpoints. The firewall uses these certificates to establish itself as a trusted third party to the session between the client and the server.
Use GlobalProtect to Distribute Certificates for SSL Forward Proxy Decryption
Before You Begin: Get started with GlobalProtect. Configure the forward trust certificate (could be a self-signed certificate or an enterprise CA-signed certificate) for use with SSL Forward Proxy decryption.
Select Network > GlobalProtect > Portals and then select an existing portal configuration or Add a new one.
Select Agent and then select an existing agent configuration or Add a new one.
If it doesn’t already exist, Add the SSL Forward Proxy forward trust certificate to the Trusted Root CA section.
Install in Local Root Certificate Store so that the GlobalProtect portal automatically distributes the certificate and installs it in the certificate store on GlobalProtect client systems.
Click OK twice.
Ensure that you complete all steps to enable SSL Forward Proxy decryption, including setting up a decryption policy rule to define traffic the firewall decrypts.
Commit your changes.

Recommended For You