GlobalProtect Gateway Authentication Tab
Select the Authentication tab to identify the SSL/TLS service profile and to configure the details of client authentication. You can add multiple client authentication configurations.
GlobalProtect Gateway Authentication Settings
SSL/TLS Service Profile
Select an SSL/TLS service profile for securing this GlobalProtect gateway. For details about the contents of a service profile, see Device > Certificate Management > SSL/TLS Service Profile.
Client Authentication Area
Enter a unique name to identify this configuration.
By default, the configuration applies to all endpoints. You can refine the list of endpoints by OS (Android, Chrome, iOS, Linux, Mac, Windows, or WindowsUWP), by Satellite devices, or by third-party IPSec VPN clients (X-Auth).
The OS is the main differentiator between multiple configurations. If you need multiple configurations for one OS, you can further distinguish the configurations by your choice of authentication profile.
Order the configurations from most specific at the top of the list to most general at the bottom.
Choose an authentication profile or sequence from the drop-down to authenticate access to the gateway. Refer to Device > Authentication Profile.
For client authentication, ensure that the Authentication Profile uses RADIUS or SAML with two-factor authentication. If you don’t use RADIUS or SAML, then you need to configure a Certificate profile in addition to an Authentication Profile.
Specify a custom username label for GlobalProtect gateway login. For example, Username (only) or Email Address (username@domain).
Specify a custom password label for GlobalProtect gateway login. For example, Password (Turkish) or Passcode (for two-factor, token-based authentication).
To help end users know what credentials they should use for logging into this gateway, you can enter a message or keep the default message. The message can have a maximum of 256 characters.
Allow Authentication with User Credentials OR Client Certificate
If you select No, users must authenticate to the gateway using both user credentials and client certificates. If you select Yes, users can authenticate to the gateway using either user credentials or client certificates.
(Optional) Select the Certificate Profile the gateway uses to match those client certificates that come from user endpoints. With a Certificate Profile, the gateway authenticates the user only if the certificate from the client matches this profile.
If you set the Allow Authentication with User Credentials OR Client Certificate option to No, you must select a Certificate Profile. If you set the Allow Authentication with User Credentials OR Client Certificate option to Yes, the Certificate Profile is optional.
The certificate profile is independent of the OS.
GlobalProtect Portals Authentication Configuration Tab
GlobalProtect Portals Authentication Configuration Tab Network GlobalProtect Portals Authentication Select the Authentication tab to configure the various GlobalProtect™ portal settings: An SSL/TLS service profile that ...
Mixed Authentication Method Support for Certificates or User Credentials
A single GlobalProtect portal or gateway can now support multiple combinations of authentication methods with user credentials and/or client certificates. ...
Define the GlobalProtect Client Authentication Configurations
Define the GlobalProtect Client Authentication Configurations Each GlobalProtect client authentication configuration specifies the settings that enable the user to authenticate with the GlobalProtect portal. You ...
Enable Two-Factor Authentication Using One-Time Passwords (...
Enable Two-Factor Authentication Using One-Time Passwords (OTPs) Use this workflow to configure two-factor authentication using one-time passwords (OTPs) on the portal and gateways. When a ...
Configure a GlobalProtect Gateway
Configure a GlobalProtect gateway to enforce security policies and provide VPN access for your users. ...
Set Up Access to the GlobalProtect Portal
Set Up Access to the GlobalProtect Portal After you have completed the Prerequisite Tasks for Configuring the GlobalProtect Portal , configure the GlobalProtect portal as ...
Set Up LDAP Authentication
Set Up LDAP Authentication LDAP is often used by organizations as an authentication service and a central repository for user information. It can also be ...
Remote Access VPN with Pre-Logon
Remote Access VPN with Pre-Logon Pre-logon is a connect method that establishes a VPN tunnel before a user logs in. The purpose of pre-logon is ...
Enable Two-Factor Authentication Using Certificate and Auth...
Enable Two-Factor Authentication Using Certificate and Authentication Profiles The following workflow describes how to configure GlobalProtect to require users to authenticate to both a certificate ...