Install GlobalProtect for IoT on Ubuntu

To install GlobalProtect for IoT on Ubuntu devices, complete the following steps.
GlobalProtect for IoT for Raspbian and Ubuntu supports an Arm-based architecture only.
  1. From the Support Site, select
    Updates
    Software Updates
    and download the GlobalProtect package for your OS.
  2. Install the GlobalProtect app for IoT.
    From the IoT device, use the
    sudo dpkg -i GlobalProtect_deb-
    <version>
    .deb
    command to install the software.
    user@linuxhost:~$
    sudo dpkg -i GlobalProtect_deb-4.1.0.0-19.deb
    To later uninstall the software, use the
    sudo dpkg -P globalprotect
    command.
  3. Configure the VPN settings you want to predeploy for Ubuntu IoT devices.
    1. In the
      client-cert
      path, import the certificate in pcks12 format and save the file with a .pfx extension (for example,
      pan_client_cert.pfx
      ).
    2. In the
      client-cert-passphrase
      path, save the passcode file with .dat extension (for example,
      pan_client_cert_passcode.dat
      )
    3. In the
      log-path-service
      path, if you are not using the default path for PanGPS (for example,
      /opt/paloaltonetworks/globalprotect
      ), make sure that the
      log-setting
      path folder has the same privilege as the globalprotect folder under
      opt/paloaltonetworks
      .
    4. Create the
      /opt/paloaltonetworks/globalprotect/pangps.xml
      pre-deployment configuration file in the following format and edit the IP address of the GlobalProtect portal, and authentication settings, either: username and password, or client certificate path (
      client-cert-path
      ) and pass-phrase file (
      client-cert-passphrase
      ). You can also specify an optional folder in which to store GlobalProtect service (
      log-path-service
      ) and agent (
      log-path-agent
      ) logs.
    <?xml version="1.0" encoding="UTF-8"?> <GlobalProtect> <PanSetup> <Portal>192.168.1.160</Portal> //pre-deployed portal address </PanSetup> <PanGPS> </PanGPS> <Settings> <portal-timeout>5</portal-timeout> <connect-timeout>5</connect-timeout> <receive-timeout>30</receive-timeout> <os-type>IoT</os-type> //pre-deployed OS type for IoT. If this tag does not present, GP will automatic detect the OS type. <head-less>yes</head-less> //pre-deployed head-less mode <username>abc</username> //optional pre-deployed username <password>xyz</password> //optional pre-deployed password <client-cert-path>cli_cert_path</client-cert-path> //optional pre-deployed client certificate file(p12) path <client-cert-passphrase>cli_cert_passphrase_path< /client-cert-passphrase> //optional pre-deployed client certificate passphrase file path <log-path-service>/tmp/gps</log-path-service> //optional pre-deployed log folder for PanGPS <log-path-agent>/tmp/gpa</log-path-agent> //optional pre-deployed log folder for PanGPA and globalprotect CLI </Settings> </GlobalProtect>
  4. Restart the GlobalProtect process for the pre-deployment configuration to take effect.
  5. After you deploy the IoT device, you can collect logs as needed using the
    globalprotect collect-log
    command.
    user@linuxhost:~$
    globalprotect collect-log
    The support file is saved to /home/gptest/.GlobalProtect/GlobalProtectLogs.tgz
  6. (
    Optional
    ) If the authentication method is a is combination of username/password and client certificate authentication, make sure that the
    CommonName
    of the client certificate matches the username.

Recommended For You