globalprotect key

Cyber Elite

I imagine that you guys were used to running the legacy Cisco VPN client; pretty much everyone has started to follow this same method. 

L7 Applicator

@jdprovine wrote:

I did a packet capture as well as verified that the user through the GP client is connecting via SSL (no clear password) and then the key exchange occurs which is found in the configuration on the firewall. I think the fact that you can't find a place to manually enter the key on the GP client was what was tripping my coworkers up.

yes.. the 'legacy' vpn clients worked on the principle of basic ipsec: you need to have a preshared key (or similar preshared something) and have determined how you will communicate (encryption algorythms) before you can even start communicating. theres a lot of things you need to manually do and know before you can get started


SSL takes out that need by using a simplified negotiation process reliant on certificates


hope you've been able to bring light to your coworkers :)




Tom Piens -
Find my book at
L4 Transporter

yes I showed them through the packet capture and the monitor logs that the first connection is a ssl one. thanks reaper I really like your new avatar

L4 Transporter

correct we  were have to change your whole thing with GP just like you have to change your whole thinking on how a firewall works a PA that is LOL

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!