GlobalProtect Certificate Profile not on Gateway and Portal


L3 Networker

Is there any specific reason why someone would configure a certificate profile only on a GP Gateway and not on a GP Portal (or vice versa)?


In tutorials or videos, I've always seen it configured on both, but on some networks I've seen people only configure it on one of them.


Cyber Elite

For example, if you have one portal and two or more gateways. You have the different gateways to access different networks or to apply different security settings. Maybe gateway 1 is for employees of other companies to support different systems in your network; here you want to enforce 2-factor-authentication. Gateway 2 is for internal employees with corporate computers with client certificates and, in addition to that, standard LDAP auth to enable a seamless user experience. And gateway 3 is for admins to access some management systems, so here you want to have a certificate profile and 2-factor-authentication enabled.

So to manage all these settings with only one portal, you have to configure the portal with different settings than the gateways, because the external support employees probably do not have a client certificate from your corporate PKI.

Thanks for the reply. That's a great example, I didn't think of it!


In the scenarios that I have seen, there has only been 1 portal and 1 gateway. In this scenario, I cannot come up with a reason why it wouldn't be on both gateway and portal. The solution works, so I guess it does not matter much.
