topic Re: Apple MACs and Global Protect VPN identification? in General Topics

Apple MACs and Global Protect VPN identification?

Sec101 — Tue, 14 Jan 2020 14:24:07 GMT

How are you identifying Apple Mac devices/making sure they are part of your organization before letting them connect through Global Protect? We have an MDM - that joins our MACs, but the User ID-MDM integration is proving to be a bit more difficult than I had plannned. Are most of you using a certificate that is exported to a machine, and or verifying plists on the device?

Is there a better more common way to verify Apple MACs are part of your organization?

Re: Apple MACs and Global Protect VPN identification?

Sec101 — Wed, 15 Jan 2020 19:43:54 GMT

bump

Re: Apple MACs and Global Protect VPN identification?

BPry — Wed, 15 Jan 2020 21:49:15 GMT

@Sec101,

Certificate based authentication is always my go to, regardless of primary operating system. If you tie this together with HIP checks I find that it meets the security requirements for the vast majority of organizations.