05-02-2022 12:05 PM
I finally got combined certificate and user/pass/MFA authorization working for our always-on VPN clients to multiple firewalls (cert auth to the Portal for valid asset checks and auto-login to trigger internal host detection, user/pass/MFA auth to the Gateway for actually establishing the VPN). Moved ~225 Windows 10 clients in 1 swoop with only 1 problem (a missing cert on one machine). It has been pretty much trouble-free except... I have 2 Windows 11 clients, neither of which can connect to the cert-authenticated Portals. Both can connect to a user/pass-authenticated Portal without issue.
The Windows 11 GP clients show a "The network connection is unreachable or the portal is unresponsive." error message when connecting. Browsing to the portal address results in a "Valid client certificate is required." error message. The user cert requested for authentication is valid. Weirdly, the Windows 11 GP client can connect to the exact same external Portal from inside the corporate network, with the cert, without issue (and trigger the internal host detection). Windows 10 GP clients can connect internally and externally without issue.
Has anyone seen this? Am I missing an option required for Windows 11?