Deploy App Settings Transparently

As an alternative to deploying app settings from the portal configuration, you can define them directly from the following endpoints:
  • Windows—Registry or Windows Installer (Msiexec)
  • macOS—global macOS plist
  • Linux—pre-deployment configuration file (
    pangps.xml
    )
The benefit of this alternative is that you can enable deployment of GlobalProtect app settings to endpoints prior to their first connection to the GlobalProtect portal.
Settings defined in the portal configuration always override settings defined in the Windows Registry, macOS plist, or pre-deployment configuration file (
pangps.xml
) for Linux. If you define settings in the registry, plist, or
pangps.xml
, but the portal configuration specifies different settings, the settings that the app receives from the portal overrides the settings defined on the endpoint. This override also applies to login-related settings, such as whether to connect on-demand, whether to use single sign-on (SSO), and whether the app can connect if the portal certificate is invalid. Therefore, you should avoid conflicting settings. In addition, the portal configuration is cached on the endpoint, and that cached configuration is used anytime the GlobalProtect app restarts or the endpoint reboots.
The following sections describe what customizable app settings are available and how to deploy these settings transparently to Windows, macOS, and Linux endpoints:
In addition to using the Windows Registry, macOS plist, or Linux pre-deployment configuration to deploy GlobalProtect app settings, you can enable the GlobalProtect app to collect specific Windows Registry or macOS plist information from the endpoints, including data on applications installed on the endpoints, processes running on the endpoints, and attributes or properties of those applications and processes. You can then monitor the data and add it to a security rule to use as matching criteria. Endpoint traffic that matches the registry settings you define can be enforced according to the security rule. Additionally, you can set up custom checks to Collect Application and Process Data From Endpoints.

Recommended For You