07-27-2023 04:09 PM
Hello,
I am trying to find out more information about a GP portal setting called Machine Certificate Check under Portal Configuration / Agent / Agent Config / Config Selection Criteria / Device Checks. I was hoping to use a machine certificate check outside of the authentication tab to allow or disallow machines based on user/user group, but I can't seem to get it to work. I get a "You are not authorized to connect to GlobalProtect Portal" message. If I set the same certificate profile in the authentication tab, it works just fine when the cert is installed in the machine store. GlobalProtect connects as it should.
My question is, what is the difference between setting it in the authentication tab and setting it as a device check? It is using the same certificate profile and same certificate issued by the CA. I would think it should work set in either place.
PA-220 running 10.2.4
This is a test portal/gateway configuration I am using.
Thanks in advance for any input.
Michael
