To connect an Android/IOS phone with a Palo Alto Networks firewall, we can use the predefined VPN app on the phone. The GlobalProtect app is not required.
Step 1: Enable X-Auth and enter Group Name and Password in the GlobalProtect Gateway configuration:
Step 2. On your phone either Android/IOS, add a new VPN. The IPsec identifiers are the X-Auth Group Name and Group Password. The server address is the portal address. The server address has to be either an IP address or domain name. If the certificate CN has an IP address use the IP address. If the certificate CN uses a domain name then use domain name.
Step 3: Connect on the phone: While connecting you will be prompted for username and password. Enter the username and password according to the authenticaiton profile used in the gateway and portal.
Step 4: A successful connection will be shown as follows: