Palo Alto Networks Knowledgebase: GlobalProtect Portal and Gateway use same Certificate Profile when on the same interface
Created On 02/07/19 23:54 PM - Last Updated 02/07/19 23:54 PM
The GlobalProtect Portal and the GlobalProtect Gateway are configured on the same interface but use different Certificate Profiles.
Certificate Profile #1: Cert-Prof-1
Certificate Profile #2: Cert-Prof-2
GlobalProtect Portal configured on ethernet1/3 (IP Address: x.x.x.x) using Cert-Prof-1
GlobalProtect Gateway configured on same ethernet1/3 (IP Address: x.x.x.x) using Cert-Prof-2
The Palo Alto Networks firewall will use "Cert-Prof-2" for connections to the GlobalProtect Portal as well.
NOTE: If the two Certificate Profiles are configured differently, connecting to the GlobalProtect Portal might fail, because the firewall uses the Gateway's Certificate Profile for connections to the GlobalProtect Portal too.
When the GlobalProtect Portal and Gateway are configured on the same interface and a Certificate Profile is needed for Client Authentication on both, use the same Certificate Profile on both the GlobalProtect Portal and the Gateway. The Dataplane (DP) on the Palo Alto Networks firewall uses only the GlobalProtect Gateway's Certificate Profile for connections to both the GlobalProtect Portal and the Gateway.
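The following is an added example, not Palo Alto Networks code: a small audit that flags portal/gateway pairs affected by the behavior described above and reports which Certificate Profile is actually applied to the portal. The inventory layout, field names, object names and IP addresses are constructed for illustration and do not reflect the PAN-OS configuration schema; pairs are matched on interface and IP address together.

```python
from collections import defaultdict

# Constructed inventory. Field names are hypothetical (not PAN-OS schema);
# IP addresses are documentation-range placeholders.
SAMPLE = [
    ("portal", "GP-Portal", "ethernet1/3", "192.0.2.10", "Cert-Prof-1"),
    ("gateway", "GP-Gateway", "ethernet1/3", "192.0.2.10", "Cert-Prof-2"),
    ("portal", "GP-Portal-B", "ethernet1/4", "192.0.2.20", "Cert-Prof-1"),
    ("gateway", "GP-Gateway-B", "ethernet1/4", "192.0.2.20", "Cert-Prof-1"),
    ("gateway", "GP-Gateway-C", "ethernet1/5", "192.0.2.30", "Cert-Prof-2"),
]
FIELDS = ("kind", "name", "interface", "ip", "cert_profile")


def load(rows):
    """Turn the constructed tuples into dictionaries keyed by FIELDS."""
    return [dict(zip(FIELDS, row)) for row in rows]


def find_profile_conflicts(entries):
    """Return one finding per portal/gateway pair that shares an interface and
    IP address while referencing different certificate profiles."""
    listeners = defaultdict(lambda: {"portal": [], "gateway": []})
    for entry in entries:
        listeners[(entry["interface"], entry["ip"])][entry["kind"]].append(entry)

    findings = []
    for (interface, ip), group in sorted(listeners.items()):
        for portal in group["portal"]:
            for gateway in group["gateway"]:
                configured = portal["cert_profile"]
                effective = gateway["cert_profile"]  # the profile the page says is applied
                # Compare only when both sides require a certificate profile.
                if configured and effective and configured != effective:
                    findings.append({
                        "interface": interface, "ip": ip,
                        "portal": portal["name"], "gateway": gateway["name"],
                        "configured_on_portal": configured,
                        "effective_on_portal": effective,
                    })
    return findings


if __name__ == "__main__":
    for f in find_profile_conflicts(load(SAMPLE)):
        print(f"{f['interface']} ({f['ip']}): portal {f['portal']} is configured with "
              f"{f['configured_on_portal']} but {f['effective_on_portal']} from gateway "
              f"{f['gateway']} is applied; align the two profiles")
```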