Global Protect Portal/Gateway Certificate Issue

Reply
Highlighted
L1 Bithead

Global Protect Portal/Gateway Certificate Issue

Hi,

Just recently after upgrading to Global Protect Version 1.2.4 we started getting error messages on our external users laptops that there was an " CN Mismatch Name" but continuing still allowed them to connect..

After determing it was a Common Name issue with the Device Certificate " web-server" - Subject "Local Host"

I am now after some instructions on how to setup a new certificate with a common name of the IP Address of the Tunnel Interface..  and then configure this within the Portal and Gateway sections of the PA 2050..

Creating a new certificate currently doesn't open the Portal Page and when trying to connect with the Global Protect client nothing happens ?

Any assistance would be great..

Thanks Simon

Highlighted
L5 Sessionator

Instructions assuming

a>Using Self signed certificates

b> Firewall acting as Portal and Gateway both.

1>Generate a New CA Certificate (Check the box Certificate Authority) on PANOS firewall [ (Device>Certificates)]

The common name of the certificate must be either the IP address or FQDN of the egress interface of

the firewall where the clients connect.

2>This certificate can be used as a Server Certificate in the Portal and Gateway sections.

3>Also verify if the Gateway IP has been correctly configured Under:

:Network>GlobalProtect > Portals>Client Configuration tab>External Gateways

For quick instructions for the rest of Config:

How to Configure GlobalProtect

For Detailed Instructions :

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!