GlobalProtect Gateway Authentication Tab
to identify the SSL/TLS service profile and to configure the details of client authentication. You can add multiple client authentication configurations.
GlobalProtect Gateway Authentication Settings
SSL/TLS Service Profile
Client Authentication Area
Enter a unique name to identify this configuration.
By default, the configuration applies to all clients. You can refine the list of client endpoints by OS (
Satellitedevices, or by third-party IPSec VPN clients (
The OS is the main differentiator between multiple configurations. If you need multiple configurations for one OS, you can further distinguish the configurations by your choice of authentication profile.
Order the configurations from most specific at the top of the list to most general at the bottom.
Choose an authentication profile or sequence from the drop-down to authenticate access to the gateway. Refer to Device > Authentication Profile.
For client authentication, ensure that the Authentication Profile uses RADIUS or SAML with two-factor authentication. If you don’t use RADIUS or SAML, then you need to configure a Certificate profile in addition to an Authentication Profile.
Specify a custom username label for GlobalProtect gateway login. For example,
Email Address (username@domain).
Specify a custom password label for GlobalProtect gateway login. For example,
Passcode(for two-factor, token-based authentication).
To help end users know what credentials they should use for logging into this gateway, you can enter a message or keep the default message. The message can have a maximum of 256 characters.
Optional) Select the
Certificate Profilethe gateway uses to match those client certificates that come from user endpoints. With a Certificate Profile, the gateway authenticates the user only if the certificate from the client matches this profile (see Device > Certificate Management > Certificate Profile).
GlobalProtect Portals Authentication Configuration Tab
GlobalProtect Portals Authentication Configuration Tab Select Network GlobalProtect Portals Authentication to configure the various GlobalProtect™ portal settings: An SSL/TLS service profile that the portal and ...
Kerberos Authentication Support for macOS
The GlobalProtect app for macOS endpoints (10.10 and later releases) now supports Kerberos V5 SSO. ...
Enable Two-Factor Authentication Using One-Time Passwords (...
Enable Two-Factor Authentication Using One-Time Passwords (OTPs) Use this workflow to configure two-factor authentication using one-time passwords (OTPs) on the portal and gateways. When a ...
About GlobalProtect Cipher Selection
About GlobalProtect Cipher Selection GlobalProtect supports both IPsec and SSL tunnel modes. GlobalProtect also supports the ability to enable and require the GlobalProtect app to ...
Configure a GlobalProtect Gateway
Configure a GlobalProtect Gateway After you have completed the prerequisite tasks, configure the GlobalProtect Gateways : Add a gateway. Select Network GlobalProtect Gateways , and ...
Set Up LDAP Authentication
Set Up LDAP Authentication LDAP is often used by organizations as an authentication service and a central repository for user information. It can also be ...
Define the GlobalProtect Client Authentication Configurations
Define the GlobalProtect Client Authentication Configurations Each GlobalProtect client authentication configuration specifies the settings that enable the user to authenticate with the GlobalProtect portal. You ...
GlobalProtect Certificate Best Practices
GlobalProtect Certificate Best Practices The following table summarizes the SSL/TLS certificates you will need, depending on which features you plan to use: Certificate Usage Issuing ...
Two-Factor Authentication With two-factor authentication, the portal or gateway authenticates users through two mechanisms, such as a one-time password and Active Directory (AD) login credentials. ...