topic GlobalProtect Machine based Certificate Access in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/globalprotect-machine-based-certificate-access/m-p/1085714#M5395 <P>Hi</P> <P>&nbsp;</P> <P>Long time listener, first time caller.&nbsp; Since we have so many brute force attacks with GlobalProtect lately, I wanted to do machine based GlobalProtect Certificate access.&nbsp; Meaning we use a third party Certificate server within our environment to create Certificate and I assume this server would also be Root CA.&nbsp; Then push cert to all devices within our organization to the Local Computer, Personal, Certificates.&nbsp; Then get GlobalProtect configured on Gateway and Portal for only allowing connections with this certificate.&nbsp; I am also willing to do the whole cert process on the Palo Alto firewall also instead of third party cert server if that is easier.&nbsp; I'm just confused and most articles I look at show client certs only.&nbsp; If someone had some directions typed up or a site that has the directions down that would be great.</P> <P>&nbsp;</P> <P>Thanks</P> Wed, 15 Jan 2025 17:14:51 GMT DaveKlein 2025-01-15T17:14:51Z GlobalProtect Machine based Certificate Access https://live.paloaltonetworks.com/t5/next-generation-firewall/globalprotect-machine-based-certificate-access/m-p/1085714#M5395 <P>Hi</P> <P>&nbsp;</P> <P>Long time listener, first time caller.&nbsp; Since we have so many brute force attacks with GlobalProtect lately, I wanted to do machine based GlobalProtect Certificate access.&nbsp; Meaning we use a third party Certificate server within our environment to create Certificate and I assume this server would also be Root CA.&nbsp; Then push cert to all devices within our organization to the Local Computer, Personal, Certificates.&nbsp; Then get GlobalProtect configured on Gateway and Portal for only allowing connections with this certificate.&nbsp; I am also willing to do the whole cert process on the Palo Alto firewall also instead of third party cert server if that is easier.&nbsp; I'm just confused and most articles I look at show client certs only.&nbsp; If someone had some directions typed up or a site that has the directions down that would be great.</P> <P>&nbsp;</P> <P>Thanks</P> Wed, 15 Jan 2025 17:14:51 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/globalprotect-machine-based-certificate-access/m-p/1085714#M5395 DaveKlein 2025-01-15T17:14:51Z