Just recently after upgrading to Global Protect Version 1.2.4 we started getting error messages on our external users laptops that there was an " CN Mismatch Name" but continuing still allowed them to connect..
After determing it was a Common Name issue with the Device Certificate " web-server" - Subject "Local Host"
I am now after some instructions on how to setup a new certificate with a common name of the IP Address of the Tunnel Interface.. and then configure this within the Portal and Gateway sections of the PA 2050..
Creating a new certificate currently doesn't open the Portal Page and when trying to connect with the Global Protect client nothing happens ?
Any assistance would be great..
a>Using Self signed certificates
b> Firewall acting as Portal and Gateway both.
1>Generate a New CA Certificate (Check the box Certificate Authority) on PANOS firewall [ (Device>Certificates)]
The common name of the certificate must be either the IP address or FQDN of the egress interface of
the firewall where the clients connect.
2>This certificate can be used as a Server Certificate in the Portal and Gateway sections.
3>Also verify if the Gateway IP has been correctly configured Under:
:Network>GlobalProtect > Portals>Client Configuration tab>External Gateways
For quick instructions for the rest of Config:
For Detailed Instructions :
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!