Does someone know why I'm being prompted by GlobalProtect to choose a certificate...under what circumstances does this happen...is it by design or a BUG? How can I stop it from happening!!!
It's most likely because you have client certificate authentication enabled, so he is asking you to provide the certificate to authenticate with. Just a guess.
How is GlobalProtect configured ? Are you required to use a client certificate for authentication ?
Client Certificate is used to enable mutual authentication in establishing an HTTPS session between the agents and the gateways/portal. This ensures that only devices with valid client certificates are able to authenticate and connect to the network.
How can you stop it ? Install the client certificate on your device (if this is actually the issue).
Hope this helps,
GlobalProtect was rolled out by my company with very little fanfare. The only people that received any sort of notice or communication were those that used the previous vendors VPN. Soooo, I know very little about this product...and even less about how it was installed and configured on my notebook PC. I can view minimal GlobalProtect Settings. There are tabs for General which shows the User and which Portal it's connected to; Connection which shows a list of gateways and that's about it; Host Profile which shows a lot of info about my PC specs; Troubleshooting which allows me to turn on various logs for PanGP Service and/or PanGP Agent; Notification which shows a blank screen. I have two options when it prompts me to select a certificate to connect to GlobalProtect...one of the options contains the word Auto, so I thought choosing that would eliminate future prompting....not so. I talked to my Help Desk and they did not have any suggestions or answers. Would you suggest talking to palo alto support directly? I think I tried that and ended up at this forum??
You should only get a prompt if the client has multiple certificates signed by the same CA on the firewall's GP cert profile config.
If you have any other client certificates from the same CA as the one for GP, the prompt will happen each time. If you don't need those other certs for any reason, you can delete them to avoid the prompt.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!