Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to configure Global Protect for certificate-based HIP match - Knowledge Base - Palo Alto Networks

How to configure Global Protect for certificate-based HIP match

3482
Created On 07/06/22 19:45 PM - Last Modified 07/15/24 19:35 PM


Objective


Steps to configure the Global Protect for certificate-based HIP match
 

Environment


  • GlobalProtect
  • Prisma Access
  • Existing PKI  

Procedure


  1. Navigate to Device > Certificates and import CA certificate
import ca certificate on the device
 
  1. Navigate to Device> Certificate Profile and configure certificate profile
certificate profile
  1. Navigate to Portal > Agent > (Config-name) > HIP data collection and use the certificate profile configured in step 2 for HIP processing ​​​​​
certificate profile for HIP processing
  1. Navigate to Objects > HIP Objects and configure HIP object with match criteria
HIP object
  1. Import client certificate on the user machine in the local machine store
local machine store
 
  1. Navigate to the Global Protect App Host information tab for validation
Global Protect client validation
 

Additional Information


For best practices regarding certificate configuration for GlobalProtect, please refer to the following document:

Other users also viewed:
Updating results
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkrvCAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail