Palo Alto Networks Knowledgebase: iPads and iPhones Not Able to Connect Using GlobalProtect

iPads and iPhones Not Able to Connect Using GlobalProtect

Created On 08/05/19 20:23 PM - Last Updated 08/05/19 20:36 PM


Unable to connect Apple iOS based devices, iPad / iPhone, using GlobalProtect. The same certificate works when using a Macintosh and Windows PC


The CN (Common Name) on the certificate must contain either the Portal IP address or the FQDN that resolves to the GlobalProtect Portal IP address. If the server certificate is installed but the CN is misconfigured, a user can type in the address from a PC browser and be prompted with a certificate error message which can be ignored, so that the PC (both Mac and Windows) connects successfully.

No such prompt is available for the iOS based devices and as such, the connection fails and the users are prompted with an error message stating "VPN server not responding".


The server certificate CN must match the FQDN or the IP address entered for the GlobalProtect Portal address in the GlobalProtect client. Wildcard SSL certificates are not supported with iOS due to the operating system restraints just discussed.

For example, if the CN is GP.DOMAIN.COM then GP.DOMAIN.COM must be entered as the portal address to connect to. The IP address the FQDN resolves to cannot be entered.

owner: sjamaluddin

  • Print
  • Copy Link

Choose Language