GlobalProtect - Client Certificates Deployment

Reply
Creid
L0 Member

GlobalProtect - Client Certificates Deployment

Greetings,

 

I have used the following article to distribute client certificates for GlobalProtect:

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Issue-Certificates-to-GlobalProte...

 

My understanding is that with this method of certificate distribution, all client machines will have the same client certificate.

 

I understand that with any system, there's always a risk with regards to security, and that the risk will have to be managed accordingly.

 

My question is are there any major security concerns with each client machine having the same client certificate? If there's any documentation that I can reference, that would be helpful as well.

Tags (1)
BPry
Cyber Elite

Since they still have to sign into globalprotect with their credentials I wouldn't be to worried about having the same cert on all of their equipment, as anybody who gets the cert would still need the username and password. Most organziations use certs pretty heavily and many will have the same cert on all of their machines. We use a cert for one of our wireless SSIDS that uses a common cert, then have another SSID that uses the machine cert to authenticate. 

Creid
L0 Member

Makes sense. Thanks for the response.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!