This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
GlobalProtect VPN with Windows-PKI (W2K8R2)
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- Re: GlobalProtect VPN with Windows-PKI (W2K8R2)
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
GlobalProtect VPN with Windows-PKI (W2K8R2)
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-09-2012 08:59 AM
Hi
Currently we have a beta-environment for GlobalProtect-VPN on Windows7 (64bit).
Authentication with LDAP works fine.
But we want to use a client-certificate (user) from our internal Windows-PKI which is already rolled out to the endpoints.
Where can i find a complete step-by-step-guide?
Thanks for your help
Juergen
Labels:
- Labels:
-
Set Up
6 REPLIES 6
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-09-2012 11:02 PM
Hi
I am sorry. I know this guide but it doesn't cover my needs.
It starts on page 6 with "In this example the firewall is configured as CA server and this certificate to sign Gateway and Client certificates." - the guide is quiet good and it works with this configuration.
But we need it working together with our internal Windows-PKI and the depending client-certificates.
In the best case it works in the same way with iOS-devices (also with an already rolled out client-certificate).
Regards
Juergen
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-14-2012 04:24 PM
The client certificate that is used internally in GlobalProtect is provided to the client through the GlobalProtect Portal. If you'd like to use a client certificate from your PKI here, you have to import into the Portal including the private key. The certificate is actually shared across all GlobalProtect clients in your deployment to ensure that only clients from your deployment can connect to your configured GlobalProtect Gateways. It doesn't provide true machine authentication and authorization as you are looking for.
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-15-2012 01:24 AM
Hi
Thank you. This is a bit disappointing that there is no way to fully use the Windows-PKI.
Could it be possible to use RADIUS instead?
Jürgen
Related Content
- Virtual Adapter was not setup correctly due to a delay (WIN10) in GlobalProtect Discussions
- Issue using MFA in GlobalProtect ) in GlobalProtect Discussions
- GlobalProtect IPv6 findings in GlobalProtect Discussions
- Device Block List for GlobalProtect - where is it in v10.x? in GlobalProtect Discussions
- Azure AD + Globalprotect = unable to filter the client settings in GlobalProtect Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks