topic GlobalProtect Pre-Login Certificate with BYOD in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-pre-login-certificate-with-byod/m-p/385561#M922 <P>I'm looking to rollout GlobalProtect to my company and trying to do it properly the first time around.&nbsp; We need need pre-login VPN capabilities and I've got that functioning with the user-based pre-login but I know it's also available to do using a certificate.&nbsp; In my testing this worked but required the certificate to be installed on the machine ahead of time for pre-login or post-login connection.&nbsp; I'm trying to roll this out in such a fashion that users can connect from home devices if needed but not be required/need to do pre-login because they would obviously not be on company-issued devices and we don't really want to burden them or IT with installing a certificate on every home computer now or in the future.</P><P>&nbsp;</P><P>My question is has anyone come up with a single deployment that can be used to cover both company issued and BYOD devices that will invoke pre-login only if the situation matches (ie - the certificate exists therefore pre-login is performed)?&nbsp; I'd really like to be able to set things up in this fashion but haven't found a way to do this thus far.&nbsp; If anyone had thoughts or ideas I would be most grateful.&nbsp; Thank you!</P> Fri, 12 Feb 2021 06:49:09 GMT rix_jborgen 2021-02-12T06:49:09Z GlobalProtect Pre-Login Certificate with BYOD https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-pre-login-certificate-with-byod/m-p/385561#M922 <P>I'm looking to rollout GlobalProtect to my company and trying to do it properly the first time around.&nbsp; We need need pre-login VPN capabilities and I've got that functioning with the user-based pre-login but I know it's also available to do using a certificate.&nbsp; In my testing this worked but required the certificate to be installed on the machine ahead of time for pre-login or post-login connection.&nbsp; I'm trying to roll this out in such a fashion that users can connect from home devices if needed but not be required/need to do pre-login because they would obviously not be on company-issued devices and we don't really want to burden them or IT with installing a certificate on every home computer now or in the future.</P><P>&nbsp;</P><P>My question is has anyone come up with a single deployment that can be used to cover both company issued and BYOD devices that will invoke pre-login only if the situation matches (ie - the certificate exists therefore pre-login is performed)?&nbsp; I'd really like to be able to set things up in this fashion but haven't found a way to do this thus far.&nbsp; If anyone had thoughts or ideas I would be most grateful.&nbsp; Thank you!</P> Fri, 12 Feb 2021 06:49:09 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-pre-login-certificate-with-byod/m-p/385561#M922 rix_jborgen 2021-02-12T06:49:09Z