Global protect "certificate is not singed by CA" not allow to connect time to time

Navaneetharaj — Wed, 06 Sep 2023 07:17:59 GMT

We have global protect version 6.1.1-5

When we connect to the GP it's working fine. Once we connect to another firewall's GP and disconnected from it and try to connect again to same firewall then we get the error "certificate is not singed by CA"

For example :

Let's assume Site A is having a firewall cluster and Site B is having a firewall cluster. If we connect to Site A firewall GP connects successful and then if we disconnect from site A and connect to site B then also GP connects without any issues. If we try to disconnect from site B and connect to site A again then we are getting the above mentioned error.

Any solutions for this ?

Re: Global protect "certificate is not singed by CA" not allow to connect time to time

S.Cantwell — Tue, 24 Oct 2023 22:37:03 GMT

The recommendation (based on my understanding) is to ensure that both siteA and siteB are using publicly signed certificates for the Global Protect. Because you do not mention it, I am not sure to presume they are publicly signed. I am not sure if you are using 2 different portals (siteA portal with 2 gateways.. siteA and siteB?). There are so many variables, that is makes sense to open a TAC web case to get this properly troubleshot.

topic Re: Global protect "certificate is not singed by CA" not allow to connect time to time in Next-Generation Firewall Discussions

Global protect "certificate is not singed by CA" not allow to connect time to time

Re: Global protect "certificate is not singed by CA" not allow to connect time to time