cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

Cyber Elite
Cyber Elite

Hi @chens ,

 

Yes, it is possible.  The only thing you need to do to configure GP client certificate authentication AND username/password/MFA is as follows:

 

  1. Install the certificate on the client (step 4 in the link below).  It could be unique for each client or the same.
  2. Create a certificate profile (step 5) and select it on the bottom of the Authentication tab of the portal and/or gateway.
  3. Make sure the Client Authentication configuration has "No (User Credentials AND Client Certificate Required)" selected for "Allow Authentication with User Credentials OR Client Certificate."

https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-quick-configs/...

 

That's it!

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

View solution in original post

Who rated this post