Setup the client certificate deployment by following this guide : https://www.virtuallyboring.com/setup-microsoft-active-directory-certificate-services-ad-cs/
Start of by exporting the CA certificate:
![](http://wp.12p.no/wp-content/uploads/2020/03/image-2.png)
Install the certificate on you Palo Alto Firewall:
![](http://wp.12p.no/wp-content/uploads/2020/03/image-3.png)
the certificate should look something like this:
![](http://wp.12p.no/wp-content/uploads/2020/03/image-4.png)
Create a Certificate profile:
![](http://wp.12p.no/wp-content/uploads/2020/03/image-5-1024x610.png)
Add this profile to your Authentication settings on the GlobalProtect gateway:
![](http://wp.12p.no/wp-content/uploads/2020/03/image-8.png)
Now you can access your globalprotect vpn with the required client certificate.
If you get disconnected right away you can check the debug logs undre Troubleshooting, look for this message:
![](http://wp.12p.no/wp-content/uploads/2020/03/image-9.png)