https://live.paloaltonetworks.com/t5/general-topics/how-the-authentication-will-happen-for-gp-if-no-group-name-and/m-p/317013#M81482 <P>Hi Team,</P><P>&nbsp;</P><P>I just want to know on how the authentication will happen and IPSec connection will be established if we haven't configured X-Auth "Group Name" and "Group Password" under GP Gateway settings.</P><P>&nbsp;</P><P>As i see that it will use the Certificate provided by the 3rd party VPN Client. So but i am bit confused on how to understand this scenario. Can you please help me to understand this better. Thanks in advance !!</P><P>&nbsp;</P><P>Please review and clarify on the below comments.</P><P>&nbsp;</P><P>Comments: "If no group name and group password are defined, the first authentication phase is based on a valid certificate presented by the third-party VPN client. This certificate is then validated through the certificate profile configured in the authentication section."</P><P>&nbsp;</P><P>Best Regards,</P><P>Sahul Hameed</P> Wed, 18 Mar 2020 10:41:06 GMT SahulH 2020-03-18T10:41:06Z https://live.paloaltonetworks.com/t5/general-topics/how-the-authentication-will-happen-for-gp-if-no-group-name-and/m-p/317013#M81482 <P>Hi Team,</P><P>&nbsp;</P><P>I just want to know on how the authentication will happen and IPSec connection will be established if we haven't configured X-Auth "Group Name" and "Group Password" under GP Gateway settings.</P><P>&nbsp;</P><P>As i see that it will use the Certificate provided by the 3rd party VPN Client. So but i am bit confused on how to understand this scenario. Can you please help me to understand this better. Thanks in advance !!</P><P>&nbsp;</P><P>Please review and clarify on the below comments.</P><P>&nbsp;</P><P>Comments: "If no group name and group password are defined, the first authentication phase is based on a valid certificate presented by the third-party VPN client. This certificate is then validated through the certificate profile configured in the authentication section."</P><P>&nbsp;</P><P>Best Regards,</P><P>Sahul Hameed</P> Wed, 18 Mar 2020 10:41:06 GMT https://live.paloaltonetworks.com/t5/general-topics/how-the-authentication-will-happen-for-gp-if-no-group-name-and/m-p/317013#M81482 SahulH 2020-03-18T10:41:06Z https://live.paloaltonetworks.com/t5/general-topics/how-the-authentication-will-happen-for-gp-if-no-group-name-and/m-p/317052#M81491 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/116069">@SahulH</a> ,</P> <P>&nbsp;</P> <P>When a client certificate is the only means of authentication, the certificate that the user presents must contain the username in one of the certificate fields; typically the username corresponds to the common name (CN) in the Subject field of the certificate.</P> <P>&nbsp;</P> <P>Is this the information you're looking for ?</P> <P><A href="https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-quick-configs/remote-access-vpn-certificate-profile.html" target="_blank">https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-quick-configs/remote-access-vpn-certificate-profile.html</A></P> <P>&nbsp;</P> <P>Hope it helps,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Wed, 18 Mar 2020 14:25:27 GMT https://live.paloaltonetworks.com/t5/general-topics/how-the-authentication-will-happen-for-gp-if-no-group-name-and/m-p/317052#M81491 kiwi 2020-03-18T14:25:27Z