@MickBall are these individual users certs or 1 generic cert that covers all users. Individual users is the root CA about to expire or just the user certs. Just the end user certs. Our plan is to renew certificates on firewall, copy them to USB stick and ship it to end users. So, we anticipate at least a week from the time the cert is renewed on firewall to installation on end user device. My question is : will Globalprotect gateway/portal accept the connection from user (with old cert) when a new certificate exists on firewall(renewed cert is not yet installed on user machine)?
... View more