I've been detecting that some users have their VPN certificate expired and still manage to connect to the Global Protect VPN.
The Global Protect settings are correct, since most users if their certificate is expired do not let them connect.
Globalprotect version: 4.1.9
PAN-OS version: 8.0.15
Will it be some configuration error?
In GP software 3.14, expired/self signed certs were not checked.
After 3.1,4, the GP portal will check if a cert is valid or not, and deny access.
You could download the software 3.1.4, and have all users install it, and it could be an acceptable solution.
But to answer your question...is it a configuration on the FW issue? No, it is not.
What I want is that users who have an expired certificate cannot connect to GlobalProtect.
And know the root cause
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!