GlobalProtect Gateway Authentication Tab
to identify the SSL/TLS service profile and to configure the details of client authentication. You can add multiple client authentication configurations.
GlobalProtect Gateway Authentication Settings
SSL/TLS Service Profile
Client Authentication Area
Enter a unique name to identify this configuration.
By default, the configuration applies to all clients. You can refine the list of client endpoints by OS (
Satellitedevices, or by third-party IPSec VPN clients (
The OS is the main differentiator between multiple configurations. If you need multiple configurations for one OS, you can further distinguish the configurations by your choice of authentication profile.
Order the configurations from most specific at the top of the list to most general at the bottom.
Choose an authentication profile or sequence from the drop-down to authenticate access to the gateway. Refer to Device > Authentication Profile.
For client authentication, ensure that the Authentication Profile uses RADIUS or SAML with two-factor authentication. If you don’t use RADIUS or SAML, then you need to configure a Certificate profile in addition to an Authentication Profile.
Specify a custom username label for GlobalProtect gateway login. For example,
Email Address (username@domain).
Specify a custom password label for GlobalProtect gateway login. For example,
Passcode(for two-factor, token-based authentication).
To help end users know what credentials they should use for logging into this gateway, you can enter a message or keep the default message. The message can have a maximum of 256 characters.
Optional) Select the
Certificate Profilethe gateway uses to match those client certificates that come from user endpoints. With a Certificate Profile, the gateway authenticates the user only if the certificate from the client matches this profile (see Device > Certificate Management > Certificate Profile).
Recommended For You
Recommended videos not found.