Install GlobalProtect for IoT on Ubuntu
To install GlobalProtect for IoT on Ubuntu devices, complete the following steps.
GlobalProtect for IoT for Raspbian and Ubuntu supports an Arm-based architecture only.
- From the Support Site, selectand download the GlobalProtect package for your OS.UpdatesSoftware Updates
- Install the GlobalProtect app for IoT.From the IoT device, use thesudo dpkg -i GlobalProtect_deb-command to install the software.<version>.debuser@linuxhost:~$sudo dpkg -i GlobalProtect_deb-184.108.40.206-19.debTo later uninstall the software, use thesudo dpkg -P globalprotectcommand.
- Configure the VPN settings you want to predeploy for Ubuntu IoT devices.
<?xml version="1.0" encoding="UTF-8"?> <GlobalProtect> <PanSetup> <Portal>192.168.1.160</Portal> //pre-deployed portal address </PanSetup> <PanGPS> </PanGPS> <Settings> <portal-timeout>5</portal-timeout> <connect-timeout>5</connect-timeout> <receive-timeout>30</receive-timeout> <os-type>IoT</os-type> //pre-deployed OS type for IoT. If this tag does not present, GP will automatic detect the OS type. <head-less>yes</head-less> //pre-deployed head-less mode <username>abc</username> //optional pre-deployed username <password>xyz</password> //optional pre-deployed password <client-cert-path>cli_cert_path</client-cert-path> //optional pre-deployed client certificate file(p12) path <client-cert-passphrase>cli_cert_passphrase_path< /client-cert-passphrase> //optional pre-deployed client certificate passphrase file path <log-path-service>/tmp/gps</log-path-service> //optional pre-deployed log folder for PanGPS <log-path-agent>/tmp/gpa</log-path-agent> //optional pre-deployed log folder for PanGPA and globalprotect CLI </Settings> </GlobalProtect>
- In theclient-certpath, import the certificate in pcks12 format and save the file with a .pfx extension (for example,pan_client_cert.pfx).
- In theclient-cert-passphrasepath, save the passcode file with .dat extension (for example,pan_client_cert_passcode.dat)
- In thelog-path-servicepath, if you are not using the default path for PanGPS (for example,/opt/paloaltonetworks/globalprotect), make sure that thelog-settingpath folder has the same privilege as the globalprotect folder underopt/paloaltonetworks.
- Create the/opt/paloaltonetworks/globalprotect/pangps.xmlpre-deployment configuration file in the following format and edit the IP address of the GlobalProtect portal, and authentication settings, either: username and password, or client certificate path (client-cert-path) and pass-phrase file (client-cert-passphrase). You can also specify an optional folder in which to store GlobalProtect service (log-path-service) and agent (log-path-agent) logs.
- Restart the GlobalProtect process for the pre-deployment configuration to take effect.
- After you deploy the IoT device, you can collect logs as needed using theglobalprotect collect-logcommand.user@linuxhost:~$globalprotect collect-logThe support file is saved to /home/gptest/.GlobalProtect/GlobalProtectLogs.tgz
- (Optional) If the authentication method is a is combination of username/password and client certificate authentication, make sure that theCommonNameof the client certificate matches the username.
Recommended For You
Recommended videos not found.