Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma Access Insights
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- Collaboration
- ›
- Discussions
- ›
- VM-Series in the Public Cloud
- ›
- Who rated this post
Who rated this post
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Who rated this post
07-23-2020
05:30 PM
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
07-23-2020
05:30 PM
This is by design. If you allow a user to connect using Credential OR Client Cert, we'd need a username from the client cert.
A workaround is to set the User Name in the Certificate Profile to using the Subject Alt Name of the Certificate. When you generate the Machine Certificate for the Pre-Logon, do NOT put anything in the Subject Alt Name field. This should allow both Machine Cert users (without Cookies) and non-Machine Cert users.
Best practice would be to set-up 2 Portals and 2 Gateways. One with the CertProfile (for your domain trusted machines) and one without (for your contractors).
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
