If you have not yet created a Global Protect Portal, see Set Up Access to the GlobalProtect Portal.
  1. Go to Network > Global Protect > Portals, and open the portal you want to modify.
  2. On the Authentication tab, choose the SSL/TSL Service Profile for the portal.
  3. At the bottom left of Client Authentication, click Add.
  4. In the Client Authentication window, enter a name in the Name field.
  5. From the Authentication Profile list, select the authentication profile that you previously created.

    A screen capture of the Client Authentication window showing the fields Name, OS,and Authentication Profile. In the GlobalProtect App Login Screen section, there are the fields Username Label, Password Label, and Authentication Message. Following the GlobalProtect App Login Screen section is the drop-down option for Allow Authentication with User Credentials OR Client Certificate. The bottom of the window shows the OK and Cancel buttons.
  6. Optional: From the Allow Authentication with User Credentials or Client Certificate list, select Yes (User Credentials or Client Certificate Required).
  7. Click OK.
  8. Go to the Agent tab.
  9. In the Trusted Root CA section, set the trusted root certificate authority (CA).

    A screen capture of the Agent tab.
  10. In the Agent section, click Add.
    The Configs window opens.
  11. In the Authentication tab, in the Name field, enter a name.
  12. From the Save User Credentials list, select Save Username Only.

    A screen capture of the Configs window. The Configs window has six tabs: Authentication, Config Selection Criteria, Internal, External, App, and Data Collection. On the featured Authentication tab, there are the fields for Name, Client Certificate, and Save User Credentials. In the Authentication Override section, there are two check boxes: Generate cookie for authentication override and Accept cookie for authentication override. There is also a field for Certificate to Encrypt/Decrypt Cookie. The last section of the Authentication tab is Components that Require Dynamic Passwords (Two-Factor Authentication). In this section, there are four check boxes: Portal, Internal gateways-all, External gateways-manual only, and External gateways-auto discovery. At the bottom of the window are the OK and Cancel buttons.
  13. Go to the External tab, and in the External Gateways section, click Add.
  14. In the Name field, enter a name for the gateway.
  15. In the Address field, enter the fully-qualified domain name (FQDN) or IP for the agent, and select the appropriate check box. Click OK.

    A screen capture of the External Gateway window. The Name field at the top of the window says GP-Gateway. After that field is an Address option with radio buttons for FQDN or IP. In this screen capture, FQDN is selected, and in the field that follows, a URL has been entered. After that field is a list of gateway options with an Add plus sign button and a Delete minus sign button. After the list is a check box for Manual gateway selection. The bottom of the window has the OK and Cancel buttons.
  16. Go to the App tab and review the App Configurations.
  17. Make any necessary changes, and then click OK.
Ensure that the Gateway is configured. For more information, see Configure a GlobalProtect Gateway.