GP connection fails with the error "The certificate CN name mismatch. The certificate is not issued to <GlobalProtect Portal FQDN>"

Created On 05/31/22 08:29 AM - Last Modified 01/05/24 02:26 AM


Symptom


  • GlobalProtect (GP) connection to Portal/Gateway fails with the error "The certificate CN name mismatch. The certificate is not issued to <GlobalProtect Portal FQDN>".
  • The certificate information is correct.


Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • Prisma Access for Mobile Users
  • GlobalProtect (GP) App


Cause


Security filtering software installed on the client machine is blocking the SSL negotiation needed to verify the certificate.

Resolution


Allow the traffic to the following addresses, ports, or process names in the security software configuration.
  1. URL
    • *.gpcloudservice.com  
  2. Ports
    • TCP/443
    • UDP/4501 (if IPSec is enabled in the GlobalProtect Gateway settings)
  3. Process name
    • PanGPA
    • PanGPS
    • PanGpHipMp
    • PanGpHip
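
To confirm the cause on an affected client, or to verify the allow rules afterwards, the following check reports whether the TLS handshake to the portal on TCP/443 is blocked, fails chain verification, or returns a certificate whose names do not cover the portal FQDN. It is an added example, not Palo Alto Networks code; the function names, `portal.example.com` and the sample certificate values are constructed for illustration.

```python
import socket
import ssl

def cert_names(cert):
    """DNS names a TLS client compares: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ()) for k, v in rdn
                    if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or one '*' standing for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return h.count(".") == p.count(".") and h.split(".", 1)[1:] == [p[2:]]
    return p == h

def classify(host, cert=None, error=None):
    """Turn one handshake outcome into a finding for the ticket."""
    if isinstance(error, ssl.SSLCertVerificationError):
        return "verify-failed: " + str(getattr(error, "verify_message", error))
    if error is not None:
        return "blocked: " + type(error).__name__
    issuer = ", ".join(v for rdn in cert.get("issuer", ()) for k, v in rdn
                       if k in ("organizationName", "commonName"))
    names = cert_names(cert)
    if not any(name_matches(n, host) for n in names):
        return "name-mismatch: cert is for %s; issuer %s" % (", ".join(names), issuer)
    return "ok: issuer " + issuer

def probe(host, port=443, timeout=5):
    """Handshake with the OS trust store; sends no application data."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain still verified; names checked in classify()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(host, cert=tls.getpeercert())
    except OSError as exc:  # ssl.SSLError, resets, timeouts, DNS failures
        return classify(host, error=exc)

if __name__ == "__main__":
    # Constructed sample in the shape getpeercert() returns; not a real capture.
    filtered = {"subject": ((("commonName", "filter.local"),),),
                "issuer": ((("commonName", "Example Filter CA"),),),
                "subjectAltName": (("DNS", "filter.local"),)}
    print(classify("portal.example.com", cert=filtered))
    # On an affected client: print(probe("<GlobalProtect Portal FQDN>"))
```

An `ok` result whose issuer is the security product's own CA, rather than the CA that issued the portal certificate, would indicate that the filter is still inspecting the session.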


Additional Information


Ports Used for GlobalProtect
 

