https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-gateway-certificate-issue/m-p/4723#M3484 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Just recently after upgrading to Global Protect Version 1.2.4 we started getting error messages on our external users laptops that there was an " CN Mismatch Name" but continuing still allowed them to connect..</P><P></P><P>After determing it was a Common Name issue with the Device Certificate " web-server" - Subject "Local Host"</P><P></P><P>I am now after some instructions on how to setup a new certificate with a common name of the IP Address of the Tunnel Interface..&nbsp; and then configure this within the Portal and Gateway sections of the PA 2050..</P><P></P><P>Creating a new certificate currently doesn't open the Portal Page and when trying to connect with the Global Protect client nothing happens ?</P><P></P><P>Any assistance would be great..</P><P></P><P>Thanks Simon </P></BODY></HTML> Fri, 05 Jul 2013 04:09:06 GMT acmi 2013-07-05T04:09:06Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-gateway-certificate-issue/m-p/4723#M3484 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Just recently after upgrading to Global Protect Version 1.2.4 we started getting error messages on our external users laptops that there was an " CN Mismatch Name" but continuing still allowed them to connect..</P><P></P><P>After determing it was a Common Name issue with the Device Certificate " web-server" - Subject "Local Host"</P><P></P><P>I am now after some instructions on how to setup a new certificate with a common name of the IP Address of the Tunnel Interface..&nbsp; and then configure this within the Portal and Gateway sections of the PA 2050..</P><P></P><P>Creating a new certificate currently doesn't open the Portal Page and when trying to connect with the Global Protect client nothing happens ?</P><P></P><P>Any assistance would be great..</P><P></P><P>Thanks Simon </P></BODY></HTML> Fri, 05 Jul 2013 04:09:06 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-gateway-certificate-issue/m-p/4723#M3484 acmi 2013-07-05T04:09:06Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-gateway-certificate-issue/m-p/4724#M3485 <HTML><HEAD></HEAD><BODY><P>Instructions assuming</P><P>a&gt;Using Self signed certificates</P><P>b&gt; Firewall acting as Portal and Gateway both.</P><P></P><P>1&gt;Generate a New CA Certificate (Check the box <SPAN style="color: #222222; font-family: Tahoma, Arial, Helvetica, sans-serif; font-size: 11px; background-color: #ebedee;">Certificate Authority</SPAN>) on PANOS firewall [ (Device&gt;Certificates)]</P><P>The common name of the certificate must be either the IP address or FQDN of the egress interface of</P><P>the firewall where the clients connect.</P><P>2&gt;This certificate can be used as a Server Certificate in the Portal and Gateway sections.</P><P>3&gt;Also verify if the Gateway IP has been correctly configured Under:</P><P>:Network&gt;GlobalProtect &gt; Portals&gt;Client Configuration tab&gt;External Gateways</P><P></P><P>For quick instructions for the rest of Config:</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-2904">How to Configure GlobalProtect</A></P><P></P><P>For Detailed Instructions :</P><P></P><P><A __default_attr="2020" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A></P><P><A __default_attr="2568" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A></P></BODY></HTML> Fri, 05 Jul 2013 07:31:05 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-portal-gateway-certificate-issue/m-p/4724#M3485 UhMayYeah 2013-07-05T07:31:05Z