Palo Alto Networks Knowledgebase: iPads and iPhones Not Able to Connect Using GlobalProtect

iPads and iPhones Not Able to Connect Using GlobalProtect

9600
Created On 08/05/19 20:23 PM - Last Updated 08/05/19 20:36 PM
Resolution

Symptoms

Unable to connect Apple iOS based devices, iPad / iPhone, using GlobalProtect. The same certificate works when using a Macintosh and Windows PC

Issue

The CN (Common Name) on the certificate must contain either the Portal IP address or the FQDN that resolves to the GlobalProtect Portal IP address. If the server certificate is installed but the CN is misconfigured, a user can type in the address from a PC browser and be prompted with a certificate error message which can be ignored, so that the PC (both Mac and Windows) connects successfully.

No such prompt is available for the iOS based devices and as such, the connection fails and the users are prompted with an error message stating "VPN server not responding".

Resolution

The server certificate CN must match the FQDN or the IP address entered for the GlobalProtect Portal address in the GlobalProtect client. Wildcard SSL certificates are not supported with iOS due to the operating system restraints just discussed.

For example, if the CN is GP.DOMAIN.COM then GP.DOMAIN.COM must be entered as the portal address to connect to. The IP address the FQDN resolves to cannot be entered.

owner: sjamaluddin



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldACAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language