GlobalProtect
Deploy App Settings to Linux Endpoints
Table of Contents
Expand All
|
Collapse All
GlobalProtect Docs
-
- 10.1 & Later
- 9.1 (EoL)
-
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
-
- 6.1
- 6.0
- 5.1
-
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
Deploy App Settings to Linux Endpoints
Customize GlobalProtect app settings in pre-deployment configuration file for
deploying to Linux endpoints.
You can set the GlobalProtect app customization
settings in the pre-deployment configuration file (pangps.xml). This
enables deployment of GlobalProtect app settings to Linux endpoints
prior to their first connection to the GlobalProtect portal.
On
Linux endpoints, the pre-deployment configuration file (pangps.xml)
is located in /opt/paloaltonetworks/globalprotect.
The
following table lists the pre-deployment settings for Linux endpoints
that you can add to the pangps.xml file
to customize the behavior of the GlobalProtect app and how the user
interacts with the GlobalProtect app.
Portal Agent Configuration | Linux | Default |
---|---|---|
Connect Method | connect-method on-demand | user-logon | user-logon |
Allow User to Change Portal Address | can-change-portal yes | no | yes |
Allow User to Continue with Invalid
Portal Server Certificate | can-continue-if-portal-cert-invalid yes | no | yes |
Use Default Browser for SAML Authentication | default-browser yes | no | no |
Portal Connection Timeout (sec) | portal-timeout <portaltimeout> | 5 |
TCP Connection Timeout (sec) | connect-timeout <connect-timeout> | 5 |
TCP Receive Timeout (sec) | receive-timeout <receive-timeout> | 30 |
Not in portal
This setting is used to predeploy the full chain certificate
verification flag.
|
full-chain-cert-verify
<Settings>
<full-chain-cert-verify>yes</full-chain-cert-verify>
</Settings>
|
n/a
|
Not in portal This setting
specifies the default portal IP address (or hostname). | Portal <IPaddress> | n/a |
If you have already installed the GlobalProtect
app on the Linux endpoint, follow these instructions:
- Modify the pre-deployment setting you want to edit for the pangps.xml file in /opt/paloaltonetworks/globalprotect.
- Reboot the Linux endpoint in order for the pre-deployment configuration changes to take effect.
If
you are installing the GlobalProtect app for the first time, follow
these instructions to deploy various settings to the Linux endpoint.
- Create the /opt/paloaltonetworks/globalprotect/pangps.xml pre-deployment configuration file.Add the pre-deployment settings to the pangps.xml file, including the connect method for the GlobalProtect app and the default browser for SAML authentication.The following example shows the XML configuration of the pre-deployment changes that you deployed on the Linux endpoint, including the portal IP address (or hostname) under <PanSetup>.
<?xml version="1.0" encoding="UTF-8"?> <GlobalProtect> <Settings> <connect-method>on-demand</connect-method> <can-continue-if-portal-cert-invalid>yes</can-continue-if-portal-cert-invalid> <can-change-portal>no</can-change-portal> <portal-timeout>100</portal-timeout> <connect-timeout>100</connect-timeout> <receive-timeout>100</receive-timeout> <default-browser>yes</default-browser> </Settings> <PanSetup> <Portal>portal.acme.com</Portal> </PanSetup> <PanGPS> </PanGPS> </GlobalProtect>