- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
12-04-2021 11:46 PM
Hi
You'll need 2 certificates to be added to the firewall then attached to both services.
1. The management interface comes by default with a self-signed certificate, and this is the error you see from chrome - alerting you to this fact. As long as the management interface is strictly on the internal LAN only (without outside access) I think the GP certificate is more urgent. Also, sometimes a valid certificate cannot be used, for example company.com external domain and company.local internal domain. This depends on a few factors.
2. GlobalProtect is a remote VPN - this really should use a valid certificate, preferably one you purchase from an SSL certificate vendor just like certificates for any web site.
You import both under Device -> Certificate Management -> Certificates.
Then create certificate profiles (you probably have one for GP if it is already configured) in which you assign the certificate.
Lastly, for the management you assign the certificate profile under Device->Setup->Management->'SSL/TLS Service Profile'.
For the GP assuming you have a certificate profile already just make note of the current certificate used in the profile and switch to the newly imported one.
Finally commit.
Note: Please create a configuration snapshot for backup before you start: Device->Setup->Operations->'Save named configuration snapshot'.
Shai