Hardware reference guide
152 GlobalProtect Administrator’s Guide
Remote Access VPN with Two-Factor Authentication GlobalProtect Quick Configs
Step 5 Create a client certificate profile.
1. Select Device > Certificate Management > Certificate Profile, click Add and enter a profile Name such as GP-client-cert.
2. Specify where to get the username that will be used to authenticate the end user:
• From user—If you want the end user to supply a username when authenticating to the service specified in the authentication profile, select None as the Username Field.
• From certificate—If you want to extract the username from the certificate, select Subject as the Username Field. If you use this option, the CN contained in the certificate will automatically populate the username field when the user is prompted to log in to the portal/gateway, and the user will be required to log in using that username.
3. Click Add in the CA Certificates section, select the CA Certificate that issued the client certificates, and click OK twice.
Step 6 Create a server profile.
The server profile instructs the firewall how to connect to the authentication service. Local, RADIUS, Kerberos, and LDAP authentication methods are supported. This example shows an LDAP authentication profile for authenticating users against the Active Directory.
Create the server profile for connecting to the LDAP server: Device > Server Profiles > LDAP
Step 7 Create an authentication profile.
Attach the server profile to an authentication profile: Device > Authentication Profile.
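With the From certificate option in Step 5, the certificate CN becomes the login name that the Step 7 authentication profile checks against the directory, so it helps to audit issued subjects before rollout. The following is an added example, not part of the guide or vendor code: it assumes subjects are supplied as RFC 4514 strings (for instance from `openssl x509 -noout -subject -nameopt RFC2253`), and the function names, sample subjects and user list are constructed for illustration.

```python
import re

def split_unescaped(text, sep):
    # Pieces between unescaped separators; "\," style escape pairs stay intact.
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(sep), text, flags=re.S)

def unescape(value):
    # RFC 4514 escapes: \XX is one UTF-8 byte, \<char> is that character.
    def repl(m):
        return bytes([int(m.group(1), 16)]) if len(m.group(1)) == 2 else m.group(1)
    raw = re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode(), flags=re.S)
    return raw.decode("utf-8", "replace")

def common_names(dn):
    # Every CN value in the subject, including those in multi-valued RDNs.
    cns = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            attr, _, val = ava.partition("=")
            if attr.strip().upper() == "CN":
                cns.append(unescape(val.strip()))
    return cns

def audit(subjects, directory_users):
    # Assumption: directory login names compare case-insensitively.
    known = {u.lower() for u in directory_users}
    report = {}
    for dn in subjects:
        cns = common_names(dn)
        if len(cns) != 1:   # the guide does not cover zero or several CNs
            report[dn] = "review: %d CN values" % len(cns)
        elif cns[0].lower() in known:
            report[dn] = "ok: " + cns[0]
        else:
            report[dn] = "no directory match: " + cns[0]
    return report

# Constructed sample data, not taken from the guide.
SUBJECTS = ["CN=jsmith,OU=Staff,DC=example,DC=com",
            "CN=Doe\\, Jane,OU=Staff,DC=example,DC=com",
            "OU=Kiosk,DC=example,DC=com"]
USERS = ["jsmith", "jdoe"]

if __name__ == "__main__":
    for dn, verdict in audit(SUBJECTS, USERS).items():
        print(verdict, "<-", dn)
```

A certificate whose CN is a display name rather than a directory login (the second sample) would leave the user unable to authenticate, because the CN is the username they are required to log in with.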
Quick Config: VPN Remote Access with Two-Factor Authentication (Continued)