iPads and iPhones Not Able to Connect Using GlobalProtect
Created On 09/25/18 19:47 PM - Last Modified 08/24/23 15:39 PM
Symptom
- Apple iOS-based devices (iPad / iPhone) are unable to connect using GlobalProtect. The same certificate works on macOS and Windows devices
- The connection fails and the users are prompted with an error message stating "VPN server not responding"
Environment
- Existing GlobalProtect infrastructure
- Machine certificates deployed to iOS devices for authentication
Cause
The CN (Common Name) on the certificate must contain either the Portal IP address or the FQDN that resolves to the GlobalProtect Portal IP address. If the server certificate is installed but the CN is misconfigured, a user who types the address into a PC browser is prompted with a certificate error message that can be ignored, so the PC (both Mac and Windows) still connects successfully.
Resolution
- The server certificate CN must match the FQDN or the IP address entered for the GlobalProtect Portal address in the GlobalProtect client.
Note: Wildcard SSL certificates are not supported with iOS due to the operating system constraints just discussed.
- For example, if the CN is "gp.server.pan", then "gp.server.pan" must be entered as the portal address to connect to. The IP address that the FQDN resolves to cannot be entered.
Note: This is found by navigating to Network > GlobalProtect > Portals > (Select Your Portal) > Agent (Select Your Config) > Select appropriate Internal or External tab
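The CN rule above can be checked before a certificate and portal address are rolled out to iOS devices. The following is an added example, not Palo Alto Networks code: it assumes the certificate is supplied as the dict that Python's ssl.SSLSocket.getpeercert() returns, and the function names and sample certificates are constructed for illustration.

```python
import ipaddress

# Added example: function names and sample certificates are constructed here.
GOOD_CERT = {"subject": ((("commonName", "gp.server.pan"),),)}
WILDCARD_CERT = {"subject": ((("commonName", "*.server.pan"),),)}


def subject_cn(cert):
    """Return the first commonName in a getpeercert()-style dict, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def normalize(value):
    """Return (is_ip, canonical form) for an IP literal or a hostname."""
    value = value.strip()
    try:
        return True, str(ipaddress.ip_address(value))
    except ValueError:
        return False, value.rstrip(".").lower()


def check_portal_cert(cert, portal_address):
    """Return findings; an empty list means the CN matches the portal address."""
    cn = subject_cn(cert)
    if cn is None:
        return ["certificate subject has no CN"]
    findings = []
    if "*" in cn:
        findings.append(f"wildcard CN {cn!r} is not supported with iOS")
    entered_is_ip, entered = normalize(portal_address)
    cn_is_ip, cn_norm = normalize(cn)
    if entered != cn_norm:
        if entered_is_ip and not cn_is_ip:
            findings.append(f"portal address is an IP but the CN is {cn!r}; enter the FQDN")
        else:
            findings.append(f"portal address {portal_address!r} does not match CN {cn!r}")
    return findings


if __name__ == "__main__":
    for cert, address in [(GOOD_CERT, "gp.server.pan"), (GOOD_CERT, "203.0.113.10"),
                          (WILDCARD_CERT, "gp.server.pan")]:
        print(address, subject_cn(cert), check_portal_cert(cert, address) or "OK")
```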
Additional Information
For additional information regarding GlobalProtect and certificate configuration options, please refer to the following document: