The LIVEcommunity team presents some useful resources about configuring GlobalProtect, including pre-user logon, user-logon, on-demand, and using an external root CA. Learn more about where to find more resources to support your increased remote workforce.
Palo Alto Networks understands your challenges during COVID-19, and we realize that a new level of support is needed. In response to that, the LIVEcommunity team has created the COVID-19 Response Center where you'll find resources from across Palo Alto Networks specific to GlobalProtect and Prisma Access.
With that said, check out the following article about how to configure GlobalProtect using an External Root CA by our very own @chadley, Sr. Technical Support Engineer.
Corbin Hadley's article covers the steps required to configure GlobalProtect VPN using an external root CA, such as Windows Server 2012 with AD certificate services running on it
He also explains how to create a root CA, how to go about exporting the root CA certificate, importing them to your clients, how to configure GlobalProtect on the firewall, and how to go about installing the client software to your PCs. And he doesn't stop there. There's even a section on how to troubleshoot, verify, and debug.
To configure GlobalProtect VPN just using self-signed certificates on the firewall (instead of having an internal/external root CA issue the certificates), the following Knowledge Base articles and Blogs may assist you: