Deploy App Settings to Linux Endpoints

You can set the GlobalProtect app customization settings in the pre-deployment configuration file (
pangps.xml
). This enables deployment of GlobalProtect app settings to Linux endpoints prior to their first connection to the GlobalProtect portal.
On Linux endpoints, the pre-deployment configuration file (
pangps.xml
) is located in
/opt/paloaltonetworks/globalprotect
.
The following table lists the pre-deployment settings for Linux endpoints that you can add to the
pangps.xml
file to customize the behavior of the GlobalProtect app and how the user interacts with the GlobalProtect app.
Portal Agent Configuration
Linux
Default
Connect Method
connect-method on-demand | user-logon
user-logon
Allow User to Change Portal Address
can-change-portal yes | no
yes
Allow User to Continue with Invalid Portal Server Certificate
can-continue-if-portal-cert-invalid yes | no
yes
Use Default Browser for SAML Authentication
default-browser yes | no
no
Portal Connection Timeout (sec)
portal-timeout
<
portaltimeout
>
5
TCP Connection Timeout (sec)
connect-timeout
<
connect-timeout
>
5
TCP Receive Timeout (sec)
receive-timeout
<
receive-timeout
>
30
Not in portal
This setting specifies the default portal IP address (or hostname).
Portal
<
IPaddress
>
n/a
If you have already installed the GlobalProtect app on the Linux endpoint, follow these instructions:
  1. Stop the GlobalProtect VPN daemon. Use the
    sudo systemctl stop gpd.service
    command.
    user@linuxhost:~$
    sudo systemctl stop gpd.service
  2. Add the pre-deployment settings to the
    pangps.xml
    file in
    /opt/paloaltonetworks/globalprotect
    .
  3. Modify the pre-deployment setting you want to edit for the
    pangps.xml
    file in
    /opt/paloaltonetworks/globalprotect
    .
  4. Reboot the Linux endpoint in order for the pre-deployment configuration changes to take effect.
If you are installing the GlobalProtect app for the first time, follow these instructions to deploy various settings to the Linux endpoint.
  1. Create the
    /opt/paloaltonetworks/globalprotect/pangps.xml
    pre-deployment configuration file.
  2. Add the pre-deployment settings to the
    pangps.xml
    file, including the connect method for the GlobalProtect app and the default browser for SAML authentication.
    The following example shows the XML configuration of the pre-deployment changes that you deployed on the Linux endpoint, including the portal IP address (or hostname) under
    <PanSetup>
    .
    <?xml version="1.0" encoding="UTF-8"?> <GlobalProtect>       <Settings>           <connect-method>on-demand</connect-method>           <can-continue-if-portal-cert-invalid>yes</can-continue-if-portal-cert-invalid>           <can-change-portal>no</can-change-portal>           <portal-timeout>100</portal-timeout>           <connect-timeout>100</connect-timeout>           <receive-timeout>100</receive-timeout>           <default-browser>yes</default-browser>       </Settings>       <PanSetup>           <Portal>portal.acme.com</Portal>       </PanSetup>       <PanGPS>       </PanGPS> </GlobalProtect>

Recommended For You