iPads and iPhones Not Able to Connect Using GlobalProtect

iPads and iPhones Not Able to Connect Using GlobalProtect

Created On 09/25/18 19:47 PM - Last Modified 04/12/21 19:33 PM

  •  Unable to connect Apple iOS based devices, iPad / iPhone, using GlobalProtect. The same certificate works when using a macOS and Windows device
  •  The connection fails and the users are prompted with an error message stating "VPN server not responding"

  •  Existing GlobalProtect infrastructure
  •  Machine certificates deployed to iOS devices for authentication  

The CN (Common Name) on the certificate must contain either the Portal IP address or the FQDN that resolves to the GlobalProtect Portal IP address. If the server certificate is installed but the CN is misconfigured, a user can type in the address from a PC browser and be prompted with a certificate error message which can be ignored, so that the PC (both Mac and Windows) connects successfully.



  1. The server certificate CN must match the FQDN or the IP address entered for the GlobalProtect Portal address in the GlobalProtect client.
Note: Wildcard SSL certificates are not supported with iOS due to the operating system restraints just discussed.

Snapshot displaying certificate with both the IP and DNS name configured


  1. For example, if the CN is "gp.server.pan" then this must be entered as the portal address to connect to. The IP address the FQDN resolves to cannot be entered.
Note: This is found by navigating to Network > GlobalProtect > Portals > (Select Your Portal) > Agent (Select Your Config) > Select appropriate Internal or External tab 

Snapshot displaying FQDN configured for GlobalProtect Gateway

Snapshot displaying GlobalProtect error message


Additional Information
For additional information regarding GlobalProtect and certificate configuration options, please refer to the following document:

  • Print
  • Copy Link


Choose Language