Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About MPotgieter
About MPotgieter
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
04-23-2020
2Posts
0Likes
0Solutions
Apr 23, 2020Last Visited
User
Activity
User
Profile
Latest posts by MPotgieter
| Subject | Views | Posted |
|---|---|---|
| 586 | 04-23-2020 05:07 AM | |
| 813 | 03-31-2020 02:15 PM |
User Badges
Public Statistics
| Date Registered | 08-27-2019 11:55 PM |
| Date Last Visited | 04-23-2020 08:28 AM |
| Total Messages Posted | 2 |
04-23-2020
05:07 AM
Hi @Ezekoli Thanks for your response, but it's not quite what I'm asking. My query isn't about which type of certificate to use. When you create a certificate profile, you are able to select how the username field will be populated from the certificate (if for e.g. you are using the certificate as part of GlobalProtect authentication). The three options are Subject (which populates from the common name), Alternative Name (which populates from the Email or Principal Name depending on your choice) or None (which doesn't fill the username field at all). Everything I've read indicates that you can select a username field to add security to that process, i.e. I've got a username and password but I don't have a cert, I can't use another user's certificate if I had to get hold of one or I can't use another users machine to log on with my credentials. But if you don't need or want that extra level of security, you should be able to select "None". However, when I do that, I get commit failures. This is the issue I would like to address - why does the firewall fail to commit if there is no option selected for the username field on the certificate profile.
... View more
03-31-2020
02:15 PM
Hi, I'm busy setting up GlobalProtect for a client, and already have LDAP authentication working. However the client requires a second factor for the authentication and went with certificates because they have an internal PKI. I've been trying to configure this to use machine certificates, so that only corporate machines would have access. I've followed the guides, and this LIVEcommunity post re-iterates what's I've read. https://live.paloaltonetworks.com/t5/General-Topics/GlobalProtect-Use-Machince-Certificates-for-Authentication/m-p/312766#M80840 However, when I leave the Username Field blank in the certificate profile, I get failed commits with the following details: GlobalProtect portal(portal name) auth setting is invalid: no username field is configured in certificate profile. (Module: sslvpn) GlobalProtect gateway(gateway name) auth setting is invalid: no username field is configured in certificate profile. (Module: rasmgr) global-protect-gateway tunnel interface (tunnel name) in vsys (vsys1) parsing failed (Module: rasmgr) What am I missing here that would cause this error, when all the literature I've been through indicates that I should be able to set the Username Field to "None"? We've even moved to a higher maintenance release on the firewall in case this was a bug. Now running PAN-OS 9.0.7. Any suggestion of where I could or should look for issues will be appreciated. Thanks.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-23-2020
08:28 AM
|
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
