I have configured a VPN portal and a gateway, both of them with an authentication profile that it's based on just an allow list (no authentication by RADIUS or anything else). The user is obtained from the common-name field of the user certificate that is signed by an external Certificate Authority.
It works fine, but the problem came when the common-name field of the user certificate has special character like ñ, í or Á for example, then on the logs appear "failed authentication. Reason: User is not in allowlist" and the logs show "." instead the special character (GARC.A instead GARCíA).
Someone knows how PA identified the special characters in this cases, to do the comparison with the "allow list"?
I had a PA-5050 with software version 4.1.11 and global protect client version 1.2.1 activated.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!