We're using these versions (Yes, we need to upgrade, but other priorities at the moment) PANos 8.1.14 Global Protect client 5.2.1 We're currently usingOn-Demand, which is working. We used this page with the only difference is we're using AD Authentication. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClH2CAK Now we want to use pre-logon then on-demand. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oM4ACAU We used our internal PKI to create machine certs and those have been deployed using Group Policy. What I'm not getting is how to configure GlobalProtect to use the machine cert for pre-logon. Do I create a new SSL/TLS profile or certificate profile? Can I use the PANos self-signed in conjunction with the PKI machine cert? Would the self-signed be for the portal and the machine cert be for the gateway? I've gone through all the documents, as well as, the GP Admin guide. Any advice or guidance is much appreciated!
... View more