An administrator configures a GlobalProtect portal with an authentication profile that uses Kerberos. Users report they cannot connect from remote locations. What is the most likely cause?
Trap 1: The external gateway is not configured for Kerberos authentication.
The authentication profile is configured on the portal, not the gateway.
Trap 2: The authentication profile is not configured on the gateway.
Kerberos authentication is only needed on the portal; the gateway uses the portal's authentication token.
Trap 3: The GlobalProtect gateway certificate is not trusted by the client.
Certificate trust issues would cause a different error (e.g., untrusted CA), not a Kerberos authentication failure.
- A
The remote users' computers are not domain-joined.
Kerberos authentication requires the client to be domain-joined to obtain a ticket.
- B
The external gateway is not configured for Kerberos authentication.
Why wrong: The authentication profile is configured on the portal, not the gateway.
- C
The authentication profile is not configured on the gateway.
Why wrong: Kerberos authentication is only needed on the portal; the gateway uses the portal's authentication token.
- D
The GlobalProtect gateway certificate is not trusted by the client.
Why wrong: Certificate trust issues would cause a different error (e.g., untrusted CA), not a Kerberos authentication failure.