Deploy App Settings to Linux Endpoints
You can set the GlobalProtect app customization settings in the pre-deployment configuration file (
pangps.xml). This enables deployment of GlobalProtect app settings to Linux endpoints prior to their first connection to the GlobalProtect portal.
On Linux endpoints, the pre-deployment configuration file (
pangps.xml) is located in
The following table lists the pre-deployment settings for Linux endpoints that you can add to the
pangps.xmlfile to customize the behavior of the GlobalProtect app and how the user interacts with the GlobalProtect app.
Portal Agent Configuration
connect-method on-demand | user-logon
Allow User to Change Portal Address
can-change-portal yes | no
Allow User to Continue with Invalid Portal Server Certificate
can-continue-if-portal-cert-invalid yes | no
Use Default Browser for SAML Authentication
default-browser yes | no
Portal Connection Timeout (sec)
TCP Connection Timeout (sec)
TCP Receive Timeout (sec)
Not in portal
This setting specifies the default portal IP address (or hostname).
If you have already installed the GlobalProtect app on the Linux endpoint, follow these instructions:
- Stop the GlobalProtect VPN daemon. Use thesudo systemctl stop gpd.servicecommand.user@linuxhost:~$sudo systemctl stop gpd.service
- Add the pre-deployment settings to thepangps.xmlfile in/opt/paloaltonetworks/globalprotect.
- Modify the pre-deployment setting you want to edit for thepangps.xmlfile in/opt/paloaltonetworks/globalprotect.
- Reboot the Linux endpoint in order for the pre-deployment configuration changes to take effect.
If you are installing the GlobalProtect app for the first time, follow these instructions to deploy various settings to the Linux endpoint.
- Create the/opt/paloaltonetworks/globalprotect/pangps.xmlpre-deployment configuration file.
- Add the pre-deployment settings to thepangps.xmlfile, including the connect method for the GlobalProtect app and the default browser for SAML authentication.The following example shows the XML configuration of the pre-deployment changes that you deployed on the Linux endpoint, including the portal IP address (or hostname) under<PanSetup>.<?xml version="1.0" encoding="UTF-8"?> <GlobalProtect> <Settings> <connect-method>on-demand</connect-method> <can-continue-if-portal-cert-invalid>yes</can-continue-if-portal-cert-invalid> <can-change-portal>no</can-change-portal> <portal-timeout>100</portal-timeout> <connect-timeout>100</connect-timeout> <receive-timeout>100</receive-timeout> <default-browser>yes</default-browser> </Settings> <PanSetup> <Portal>portal.acme.com</Portal> </PanSetup> <PanGPS> </PanGPS> </GlobalProtect>
Recommended For You
Recommended videos not found.