GlobalProtect - Client Certificates Deployment


L0 Member

Greetings,

 

I have used the following article to distribute client certificates for GlobalProtect:

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Issue-Certificates-to-GlobalProte...

 

My understanding is that with this method of certificate distribution, all client machines will have the same client certificate.

 

I understand that with any system, there's always a risk with regard to security, and that the risk will have to be managed accordingly.

 

My question is: are there any major security concerns with each client machine having the same client certificate? If there's any documentation that I can reference, that would be helpful as well.

2 REPLIES

Cyber Elite

Since they still have to sign into GlobalProtect with their credentials, I wouldn't be too worried about having the same cert on all of their equipment, as anybody who gets the cert would still need the username and password. Most organizations use certs pretty heavily and many will have the same cert on all of their machines. We use a cert for one of our wireless SSIDs that uses a common cert, then have another SSID that uses the machine cert to authenticate.

Makes sense. Thanks for the response.
