Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

GlobalProtect Pre-Login Certificate with BYOD

L1 Bithead

I'm looking to rollout GlobalProtect to my company and trying to do it properly the first time around.  We need need pre-login VPN capabilities and I've got that functioning with the user-based pre-login but I know it's also available to do using a certificate.  In my testing this worked but required the certificate to be installed on the machine ahead of time for pre-login or post-login connection.  I'm trying to roll this out in such a fashion that users can connect from home devices if needed but not be required/need to do pre-login because they would obviously not be on company-issued devices and we don't really want to burden them or IT with installing a certificate on every home computer now or in the future.


My question is has anyone come up with a single deployment that can be used to cover both company issued and BYOD devices that will invoke pre-login only if the situation matches (ie - the certificate exists therefore pre-login is performed)?  I'd really like to be able to set things up in this fashion but haven't found a way to do this thus far.  If anyone had thoughts or ideas I would be most grateful.  Thank you!

Who Me Too'd this topic