GlobalProtect Gateway Authentication Tab

Select
Network
GlobalProtect
Gateways
Authentication
to identify the SSL/TLS service profile and to configure the details of client authentication. You can add multiple client authentication configurations.
GlobalProtect Gateway Authentication Settings
SSL/TLS Service Profile
Select an SSL/TLS service profile for securing this GlobalProtect gateway. For details about the contents of a service profile, see Device > Certificate Management > SSL/TLS Service Profile.
Client Authentication Area
Name
Enter a unique name to identify this configuration.
OS
By default, the configuration applies to all clients. You can refine the list of client endpoints by OS (
Android
,
Chrome
,
iOS
,
Linux
,
Mac
,
Windows
, or
WindowsUWP
), by
Satellite
devices, or by third-party IPSec VPN clients (
X-Auth
).
The OS is the main differentiator between multiple configurations. If you need multiple configurations for one OS, you can further distinguish the configurations by your choice of authentication profile.
Order the configurations from most specific at the top of the list to most general at the bottom.
Authentication Profile
Choose an authentication profile or sequence from the drop-down to authenticate access to the gateway. Refer to Device > Authentication Profile.
For client authentication, ensure that the Authentication Profile uses RADIUS or SAML with two-factor authentication. If you don’t use RADIUS or SAML, then you need to configure a Certificate profile in addition to an Authentication Profile.
Username Label
Specify a custom username label for GlobalProtect gateway login. For example,
Username (only)
or
Email Address (username@domain)
.
Password Label
Specify a custom password label for GlobalProtect gateway login. For example,
Password (Turkish)
or
Passcode
(for two-factor, token-based authentication).
Authentication Message
To help end users know what credentials they should use for logging into this gateway, you can enter a message or keep the default message. The message can have a maximum of 256 characters.
Certificate Profile
(
Optional
) Select the
Certificate Profile
the gateway uses to match those client certificates that come from user endpoints. With a Certificate Profile, the gateway authenticates the user only if the certificate from the client matches this profile (see Device > Certificate Management > Certificate Profile).

Related Documentation