GlobalProtect: Using An External Root CA

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Community Team Member

GlobalProtect: Using An External Root CAGlobalProtect: Using An External Root CA

 

The LIVEcommunity team presents some useful resources about configuring GlobalProtect, including pre-user logon, user-logon, on-demand, and using an external root CA. Learn more about where to find more resources to support your increased remote workforce.

 

 

 

Palo Alto Networks understands your challenges during COVID-19, and we realize that a new level of support is needed. In response to that, the LIVEcommunity team has created the COVID-19 Response Center where you'll find resources from across Palo Alto Networks specific to GlobalProtect and Prisma Access.

 

With that said, check out the following article about how to configure GlobalProtect using an External Root CA by our very own @chadley, Sr. Technical Support Engineer.

 

How to Configure GlobalProtect VPN Using an External Root CA 

 

Corbin Hadley's article covers the steps required to configure GlobalProtect VPN using an external root CA, such as Windows Server 2012 with AD certificate services running on it

He also explains how to create a root CA, how to go about exporting the root CA certificate, importing them to your clients, how to configure GlobalProtect on the firewall, and how to go about installing the client software to your PCs. And he doesn't stop there. There's even a section on how to troubleshoot, verify, and debug.

 

To configure GlobalProtect VPN just using self-signed certificates on the firewall (instead of having an internal/external root CA issue the certificates), the following Knowledge Base articles and Blogs may assist you:

 

Basic GlobalProtect Configuration: User-Logon

Basic GlobalProtect Configuration: Pre-Logon 

Basic GlobalProtect Configuration: On-Demand 

More-security-with-GlobalProtect (user-logon) 

Full-control-with-GlobalProtect (on-demand) 

What-s-this-pre-logon-mode-in-GlobalProtect-exactly 

 

Palo Alto Networks will continue to highlight new information and articles that can help you find solutions for your GlobalProtect applications during this time of increased remote work.

 

If you have any questions about the above articles, please don't hesitate to post them in the comment section below.

 

Thanks for taking time to read the blog.

If you enjoyed this, please hit the Like (thumbs up) button, don't forget to subscribe to the LIVEcommunity Blog.

 

Stay Secure,
Kiwi out!

1,315 Views
Labels