05-09-2012 08:59 AM
Currently we have a beta-environment for GlobalProtect-VPN on Windows7 (64bit).
Authentication with LDAP works fine.
But we want to use a client-certificate (user) from our internal Windows-PKI which is already rolled out to the endpoints.
Where can i find a complete step-by-step-guide?
Thanks for your help
05-09-2012 11:02 PM
I am sorry. I know this guide but it doesn't cover my needs.
It starts on page 6 with "In this example the firewall is configured as CA server and this certificate to sign Gateway and Client certificates." - the guide is quiet good and it works with this configuration.
But we need it working together with our internal Windows-PKI and the depending client-certificates.
In the best case it works in the same way with iOS-devices (also with an already rolled out client-certificate).
05-14-2012 04:24 PM
The client certificate that is used internally in GlobalProtect is provided to the client through the GlobalProtect Portal. If you'd like to use a client certificate from your PKI here, you have to import into the Portal including the private key. The certificate is actually shared across all GlobalProtect clients in your deployment to ensure that only clients from your deployment can connect to your configured GlobalProtect Gateways. It doesn't provide true machine authentication and authorization as you are looking for.
05-15-2012 01:24 AM
Thank you. This is a bit disappointing that there is no way to fully use the Windows-PKI.
Could it be possible to use RADIUS instead?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!