- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-21-2019 08:03 PM
I tried to replicate a Globalprotect portal setup from another site and it fails with the following message:
What am I missing?
01-22-2019 06:50 AM - edited 01-22-2019 06:58 AM
I'm sorry but @emr_1's identification of the issue/resolution is incorrect. (If your desire is only cert auth)
Like @Mick_Ball stated, if you're just wanting to do cert based auth you don't need anything in that main auth field.
Even @GIT_Sean mentioned the correct place as well. For accuracy the correct "resolved" post should be identified. (Now if you're doing more than cert auth and doing user auth as well then something is needed in the "Client Authentication" field)
01-21-2019 08:09 PM
You need to configure Client Authentication field.
01-21-2019 10:32 PM
If you just require certificate authentication then you may need to modify your certificate profile username field.
01-22-2019 06:23 AM
Hi @GIT_Sean,
The error message tells you that you haven't configured any authentication method for the portal.
It is surprising that only the SSL/TLS service profile is required field on this tab, but actually you need to define authentication method.
You can configure:
- Client authentication pointing to specific authentication profile (for RADIUS, TACACS, LDAP etc)
- Client machine certificate authentication only
- Or both - authentication profile and machine cert (this will require the user to put his credentials and to provide valid machine certificate
Looking at the error message it seems you haven't selected any authentication profile. If I am guessing you have copy-pasted the set commands for the portal, but you have forgot to copy-past the set commands for the server profile and the relevant authentication profile. For that reason when you have put the set commands for the portal, the line for configuring the client authentication was referring to invalid auth profile, there for it is being set to none.
Double check the setup you are trying to replicate and confirm what type of authentication you are using.
01-22-2019 06:36 AM
Thanks for the quick replies everyone. It turned out, I had an Authentication profile created, but I had failed to select a type (was set to None). Set it to Local Database, and it works now.
01-22-2019 06:50 AM - edited 01-22-2019 06:58 AM
I'm sorry but @emr_1's identification of the issue/resolution is incorrect. (If your desire is only cert auth)
Like @Mick_Ball stated, if you're just wanting to do cert based auth you don't need anything in that main auth field.
Even @GIT_Sean mentioned the correct place as well. For accuracy the correct "resolved" post should be identified. (Now if you're doing more than cert auth and doing user auth as well then something is needed in the "Client Authentication" field)
01-22-2019 07:01 AM
That is true...I set @emr_1 as the solution because it made me check my Authentication profile again and I discovered the error there, I've updated the accepted solution as this is the most complete answer.
11-24-2020 02:54 AM
IF we make cert profile to use subject feild would it require user certificate for that ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!