Hardware reference guide

GlobalProtect Administrator’s Guide
Set Up the GlobalProtect Mobile Security Manager
Enable Gateway Access to the Mobile Security Manager
Step 3 Specify which server certificate the Mobile Security Manager should use to enable the gateway to establish an HTTPS connection for HIP retrieval.

1. Select Setup > Settings > Server and then click the Edit icon in the GlobalProtect Gateway Settings section.
2. Select the HIP Report Retrieval check box to enable gateway access to the Mobile Security Manager.
3. Select the certificate you just imported from the MDM Server Certificate drop-down and then click OK.

Step 4 (Optional) Create a certificate profile on the Mobile Security Manager to enable the gateway(s) to establish a mutual SSL connection with the Mobile Security Manager for HIP report retrieval.

To enable mutual authentication between the gateway and the Mobile Security Manager, create a client certificate for the gateway and then import the root CA that issued the client certificate onto the Mobile Security Manager. Use the following procedure to import the client certificate onto the Mobile Security Manager and define a certificate profile:

1. Download the CA certificate that was used to generate the gateway certificates (in the recommended workflow, the CA certificate is on the portal).
   a. Select Device > Certificate Management > Certificates > Device Certificates.
   b. Select the CA certificate, and click Export.
   c. Select Base64 Encoded Certificate (PEM) from the File Format drop-down and click OK to download the certificate. (You do not need to export the private key.)
2. On the Mobile Security Manager, import the certificate by selecting Device > Certificate Management > Certificates > Device Certificates, clicking Import and browsing to the certificate you just downloaded. Click OK to import the certificate.
3. Select Device > Certificates > Certificate Management > Certificate Profile and click Add and enter a Name to uniquely identify the profile, such as GPgateways.
4. In the CA Certificates field, click Add, select the CA certificate you just imported and then click OK.
5. Click OK to save the profile.
6. Configure the Mobile Security Manager to use this certificate profile to establish an HTTPS connection with the gateways:
   a. Select Setup > Settings > Server and then click the Edit icon in the GlobalProtect Gateway Settings section.
   b. Select the certificate profile you just created from the Certificate Profile drop-down.
   c. Click OK to save the settings.
7. Commit the changes to the Mobile Security Manager.
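
The exported PEM from step 1 can be checked from a shell before it is imported in step 2 and added to the certificate profile. The following is an added example, not part of the guide: it assumes the openssl command-line tool is installed, and the file names and the make_demo_pki helper are hypothetical, building constructed sample certificates so the checks run offline.

```shell
#!/bin/sh
# Added example (not from the guide): checks to run on the exported CA PEM
# before importing it and referencing it in the certificate profile.

# Build a throwaway CA and a gateway client certificate in directory $1.
# Everything produced here is constructed sample data.
make_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/demo.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=constructed-gateway" -keyout "$d/gw.key" -out "$d/gw.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/gw.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/gw.pem" 2>/dev/null
}

# True if the export holds certificate material only (no private key block).
pem_has_no_private_key() { ! grep -q 'PRIVATE KEY-----' "$1"; }

# True if the certificate asserts basicConstraints CA:TRUE.
pem_is_ca() { openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; }

# True if gateway certificate $2 chains to CA $1 and is usable for TLS client auth.
gateway_chains_to_ca() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run all three checks; $1 = exported CA PEM, $2 = gateway client certificate.
check_before_import() {
    pem_has_no_private_key "$1" || { echo "FAIL: $1 contains a private key"; return 1; }
    pem_is_ca "$1" || { echo "FAIL: $1 is not a CA certificate"; return 1; }
    gateway_chains_to_ca "$1" "$2" || { echo "FAIL: $2 was not issued by $1"; return 1; }
    echo "OK: $1 can be imported and added to the certificate profile"
}
```

With real files, call check_before_import with the exported CA PEM and the gateway's client certificate; a failure on the third check means the profile would reject that gateway during the mutual SSL handshake.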