GlobalProtect
Set Up the MDM Integration With GlobalProtect
Table of Contents
Expand All
|
Collapse All
GlobalProtect Docs
-
9.1 (EoL)
- 10.1 & Later
- 9.1 (EoL)
-
-
-
- Deploy App Settings in the Windows Registry
- Deploy App Settings from Msiexec
- Deploy Scripts Using the Windows Registry
- Deploy Scripts Using Msiexec
- SSO Wrapping for Third-Party Credential Providers on Windows Endpoints
- Enable SSO Wrapping for Third-Party Credentials with the Windows Registry
- Enable SSO Wrapping for Third-Party Credentials with the Windows Installer
-
- Mobile Device Management Overview
- Set Up the MDM Integration With GlobalProtect
- Qualified MDM Vendors
-
- Remote Access VPN (Authentication Profile)
- Remote Access VPN (Certificate Profile)
- Remote Access VPN with Two-Factor Authentication
- Always On VPN Configuration
- Remote Access VPN with Pre-Logon
- GlobalProtect Multiple Gateway Configuration
- GlobalProtect for Internal HIP Checking and User-Based Access
- Mixed Internal and External Gateway Configuration
- Captive Portal and Enforce GlobalProtect for Network Access
-
-
- End User Experience
- Management and Logging in Panorama
-
- View a Graphical Display of GlobalProtect User Activity in PAN-OS
- View All GlobalProtect Logs on a Dedicated Page in PAN-OS
- Event Descriptions for the GlobalProtect Logs in PAN-OS
- Filter GlobalProtect Logs for Gateway Latency in PAN-OS
- Restrict Access to GlobalProtect Logs in PAN-OS
- Forward GlobalProtect Logs to an External Service in PAN-OS
- Configure Custom Reports for GlobalProtect in PAN-OS
- Monitoring and High Availability
-
- About GlobalProtect Cipher Selection
- Cipher Exchange Between the GlobalProtect App and Gateway
-
- Reference: GlobalProtect App Cryptographic Functions
-
- Reference: TLS Ciphers Supported by GlobalProtect Apps on macOS Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Windows 10 Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Windows 7 Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Android 6.0.1 Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on iOS 10.2.1 Endpoints
- Reference: TLS Ciphers Supported by GlobalProtect Apps on Chromebooks
- Ciphers Used to Set Up IPsec Tunnels
- SSL APIs
-
6.3
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
-
- Download and Install the GlobalProtect App for Windows
- Use Connect Before Logon
- Use Single Sign-On for Smart Card Authentication
- Use the GlobalProtect App for Windows
- Report an Issue From the GlobalProtect App for Windows
- Disconnect the GlobalProtect App for Windows
- Uninstall the GlobalProtect App for Windows
- Fix a Microsoft Installer Conflict
-
- Download and Install the GlobalProtect App for macOS
- Use the GlobalProtect App for macOS
- Report an Issue From the GlobalProtect App for macOS
- Disconnect the GlobalProtect App for macOS
- Uninstall the GlobalProtect App for macOS
- Remove the GlobalProtect Enforcer Kernel Extension
- Enable the GlobalProtect App for macOS to Use Client Certificates for Authentication
-
6.1
- 6.1
- 6.0
- 5.1
-
6.3
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
End-of-Life (EoL)
Set Up the MDM Integration With GlobalProtect
To set up the MDM integration with GlobalProtect,
use the following workflow:
- Set up the GlobalProtect Infrastructure.
- Create Interfaces and Zones for GlobalProtect.
- Enable SSL Between GlobalProtect Components.
- Set up GlobalProtect User Authentication. Refer to About GlobalProtect User Authentication.
- Enable Group Mapping.
- Configure a GlobalProtect Gateway.
- Activate Licenses for each firewall running a gateway(s) that supports the GlobalProtect app on mobile endpoints.
- Set Up Access to the GlobalProtect Portal.
- Set up the mobile device management system and decide
whether to support only corporate-issued endpoints or both corporate-issued
and personal endpoints.See the instructions for your mobile device management (MDM) system or enterprise mobility management (EMM) system.
- Obtain the GlobalProtect app for mobile endpoints.You can install the app directly from the app store on your endpoint (see Download and Install the GlobalProtect Mobile App) or deploy the app from a mobile device management system (such as Workspace ONE) and transparently push the app to your managed endpoints.
- App store— Download and Install the GlobalProtect Mobile App
- Supported mobile device management systems—See the following
instructions on how to deploy apps to managed endpoints:
- Deploy the GlobalProtect Mobile App Using Workspace ONE
- Deploy the GlobalProtect App for Android on Managed Chromebooks Using Workspace ONE
- Deploy the GlobalProtect Mobile App Using Microsoft Intune
- Deploy the GlobalProtect Mobile App Using MobileIron
- Deploy the GlobalProtect App for Android on Managed Chromebooks Using the Google Admin Console
- Other third-party mobile device management system—See the instructions from your vendor on how to deploy apps to managed endpoints.
- Configure the MDM integration.Use one of the following methods to configure the MDM integration:
-
Firewall integration with an MDM or EMM system:
-
GlobalProtect app integration with an MDM or EMM system:
-
- Configure polices that target mobile endpoints using
host information.Configure HIP-Based Policy Enforcement for managed endpoints.