02-11-2021 10:49 PM
I'm looking to roll out GlobalProtect to my company and trying to do it properly the first time around. We need pre-login VPN capabilities and I've got that functioning with the user-based pre-login, but I know it's also available to do using a certificate. In my testing this worked but required the certificate to be installed on the machine ahead of time for pre-login or post-login connection. I'm trying to roll this out in such a fashion that users can connect from home devices if needed but not be required/need to do pre-login because they would obviously not be on company-issued devices and we don't really want to burden them or IT with installing a certificate on every home computer now or in the future.
My question is: has anyone come up with a single deployment that can be used to cover both company-issued and BYOD devices that will invoke pre-login only if the situation matches (i.e., the certificate exists, therefore pre-login is performed)? I'd really like to be able to set things up in this fashion but haven't found a way to do this thus far. If anyone has thoughts or ideas I would be most grateful. Thank you!