Deploy App Settings Transparently
Deploy app settings transparently to endpoints using the Windows Registry,
macOS plist, or Linux pre-deployment configuration instead of from the portal.
As an alternative to deploying app settings from the
portal configuration, you can define them directly from the following
endpoints:
The benefit of this alternative is that you can enable deployment
of GlobalProtect app settings to endpoints prior to their first
connection to the GlobalProtect portal.
Some settings do not have a corresponding portal configuration
setting on the web interface and must be configured using the Windows
Registry, Msiexec, or macOS plist. These settings are listed in
the Customizable App Settings as “Not in portal.”
Settings defined in the portal configuration always override
settings defined in the Windows Registry, macOS plist, or pre-deployment
configuration file (pangps.xml) for
Linux. If you define settings in the registry, plist, or pangps.xml,
but the portal configuration specifies different settings, the settings
that the app receives from the portal override the settings defined
on the endpoint. This override also applies to login-related settings,
such as whether to connect on-demand, whether to use single sign-on
(SSO), and whether the app can connect if the portal certificate
is invalid. Therefore, you should avoid conflicting settings. In
addition, the portal configuration is cached on the endpoint, and
that cached configuration is used anytime the GlobalProtect app
restarts or the endpoint reboots.
The following sections describe what customizable app settings
are available and how to deploy these settings transparently to
Windows, macOS, and Linux endpoints:
In addition to using the Windows Registry, macOS plist,
or Linux pre-deployment configuration to deploy GlobalProtect app
settings, you can enable the GlobalProtect app to collect specific
Windows Registry or macOS plist information from the endpoints,
including data on applications installed on the endpoints, processes
running on the endpoints, and attributes or properties of those
applications and processes. You can then monitor the data and add
it to a security rule to use as matching criteria. Endpoint traffic
that matches the registry settings you define can be enforced according to
the security rule. Additionally, you can set up custom checks to
Collect Application and Process Data From Endpoints.