- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-04-2021 10:22 PM
i am going to access PA firewall on the browser or Global protect its shows Your connection is not private (Privacy error) then I m clicking on proceed to unsafe then it's showing the main page. how to resolve this.
security certificate does not specify
12-04-2021 11:46 PM
Hi
You'll need 2 certificates to be added to the firewall then attached to both services.
1. The management interface comes by default with a self-signed certificate, and this is the error you see from chrome - alerting you to this fact. As long as the management interface is strictly on the internal LAN only (without outside access) I think the GP certificate is more urgent. Also, sometimes a valid certificate cannot be used, for example company.com external domain and company.local internal domain. This depends on a few factors.
2. GlobalProtect is a remote VPN - this really should use a valid certificate, preferably one you purchase from an SSL certificate vendor just like certificates for any web site.
You import both under Device -> Certificate Management -> Certificates.
Then create certificate profiles (you probably have one for GP if it is already configured) in which you assign the certificate.
Lastly, for the management you assign the certificate profile under Device->Setup->Management->'SSL/TLS Service Profile'.
For the GP assuming you have a certificate profile already just make note of the current certificate used in the profile and switch to the newly imported one.
Finally commit.
Note: Please create a configuration snapshot for backup before you start: Device->Setup->Operations->'Save named configuration snapshot'.
Shai
12-04-2021 11:46 PM
Hi
You'll need 2 certificates to be added to the firewall then attached to both services.
1. The management interface comes by default with a self-signed certificate, and this is the error you see from chrome - alerting you to this fact. As long as the management interface is strictly on the internal LAN only (without outside access) I think the GP certificate is more urgent. Also, sometimes a valid certificate cannot be used, for example company.com external domain and company.local internal domain. This depends on a few factors.
2. GlobalProtect is a remote VPN - this really should use a valid certificate, preferably one you purchase from an SSL certificate vendor just like certificates for any web site.
You import both under Device -> Certificate Management -> Certificates.
Then create certificate profiles (you probably have one for GP if it is already configured) in which you assign the certificate.
Lastly, for the management you assign the certificate profile under Device->Setup->Management->'SSL/TLS Service Profile'.
For the GP assuming you have a certificate profile already just make note of the current certificate used in the profile and switch to the newly imported one.
Finally commit.
Note: Please create a configuration snapshot for backup before you start: Device->Setup->Operations->'Save named configuration snapshot'.
Shai
12-08-2021 08:25 AM
I have SSL certificate and this is we used for the website. can I use this same SSL certificate for global protect?
06-12-2022 11:06 PM
Can you provide a clear solution as far as i can't solve the issue with this way if you post some picture from configuration will help us to resolve the issue.
Thank you
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!