I'm looking to roll out GlobalProtect to my company and trying to do it properly the first time around. We need pre-login VPN capabilities, and I've got that functioning with the user-based pre-login, but I know it's also available to do using a certificate. In my testing this worked but required the certificate to be installed on the machine ahead of time for pre-login or post-login connection. I'm trying to roll this out in such a fashion that users can connect from home devices if needed but not be required/need to do pre-login because they would obviously not be on company-issued devices and we don't really want to burden them or IT with installing a certificate on every home computer now or in the future.
My question is: has anyone come up with a single deployment that can be used to cover both company-issued and BYOD devices that will invoke pre-login only if the situation matches (i.e., the certificate exists, therefore pre-login is performed)? I'd really like to be able to set things up in this fashion but haven't found a way to do this thus far. If anyone had thoughts or ideas I would be most grateful. Thank you!