Hardware reference guide

ManualsBrandsAlto ManualsComputer equipmentBEXT 100H

111

112

113

114

115

116

117

118

119

120

GlobalProtect Administrator’s Guide 109

Set Up the GlobalProtect Mobile Security Manager Set Up Administrative Access to the Mobile Security Manager

Step 2 Create the Client Certificate Profile that

will be used for securing access to the web

interface.

1. Select Setup > Certificate Management > Certificate Profile

and click

Add.

2. Enter a name for the certificate profile and in the

Username

Field

select Subject.

3. Select

Add in the CA Certificates section and from the CA

Certificate

drop-down, select the CA certificate you created in

Step 1.

Step 3 Configure the Mobile Security Manager

to use the client certificate profile for

admin authentication.

1. On the

Setup > Settings tab, click the Edit icon in the

Authentication Settings section of the screen.

2. In the

Certificate Profile field, select the client certificate

profile you created in Step 2.

3. Click

OK to save your changes.

Step 4 Create or modify an administrator

account to enable client certificate

authentication on the account.

1. Select

Setup > Administrators and then click Add.

2. Enter a login name for the administrator; the name is

case-sensitive.

3. Select

Use only client certificate authentication (Web) to

enable the use of the certificate for authentication.

4. Select the

Role to assign to this administrator. You can either

select one of the predefined dynamic roles or select a custom

role and attach an authentication profile that specifies the access

privileges for this administrator.

5. (Optional) For custom roles, select the device groups, templates

and the device context that the administrative user can modify.

6. Click

OK to save the account settings.

Step 5 Create and export the client certificate

that will be used to authenticate an

administrator.

1. Use the CA certificate to generate a client certificate for the each

administrative user.

a. Select

Setup > Certificate Management > Certificates and

click

Generate.

b. In the

Common Name field, enter the name of the

administrator for whom you are generating the certificate.

The name syntax should match the format used by the local

or external authentication mechanism.

c. In the

Signed by field, select the same CA certificate that you

created in Step 1.

d. Click

Generate to create the certificate using the details you

specified above.

2. Export the client certificate you just generated.

a. Select the certificate that you just created and click

Export.

b. To encrypt the private key, select

PKCS12 as the File Format.

c. Enter a passphrase to encrypt the private key and confirm

your entry.

d. Click

OK to export the certificate.

Enable Certificate-Based Authentication (Continued)