>
    Deploy App Settings to Linux Endpoints
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. GlobalProtect Apps
    4. Deploy App Settings Transparently
    5. Deploy App Settings to Linux Endpoints
    Download PDF
    GlobalProtect

    Deploy App Settings to Linux Endpoints

    Table of Contents

    Deploy App Settings to Linux Endpoints

    Customize GlobalProtect app settings in pre-deployment configuration file for deploying to Linux endpoints.
    You can set the GlobalProtect app customization settings in the pre-deployment configuration file (
    pangps.xml
    ). This enables deployment of GlobalProtect app settings to Linux endpoints prior to their first connection to the GlobalProtect portal.
    On Linux endpoints, the pre-deployment configuration file (
    pangps.xml
    ) is located in
    /opt/paloaltonetworks/globalprotect
    .
    The following table lists the pre-deployment settings for Linux endpoints that you can add to the
    pangps.xml
     file to customize the behavior of the GlobalProtect app and how the user interacts with the GlobalProtect app.
    Portal Agent Configuration
    Linux
    Default
    Connect Method
    connect-method on-demand | user-logon
    user-logon
    Allow User to Change Portal Address
    can-change-portal yes | no
    yes
    Allow User to Continue with Invalid Portal Server Certificate
    can-continue-if-portal-cert-invalid yes | no
    yes
    Use Default Browser for SAML Authentication
    default-browser yes | no
    no
    Portal Connection Timeout (sec)
    portal-timeout
     <
    portaltimeout
    >
    5
    TCP Connection Timeout (sec)
    connect-timeout
     <
    connect-timeout
    >
    5
    TCP Receive Timeout (sec)
    receive-timeout
     <
    receive-timeout
    >
    30
    Not in portal
    This setting specifies the default portal IP address (or hostname).
    Portal
     <
    IPaddress
    >
    n/a
    If you have already installed the GlobalProtect app on the Linux endpoint, follow these instructions:
    1. Stop the GlobalProtect VPN daemon. Use the
      sudo systemctl stop gpd.service
       command.
      user@linuxhost:~$ 
      sudo systemctl stop gpd.service
    2. Add the pre-deployment settings to the
      pangps.xml
       file in
      /opt/paloaltonetworks/globalprotect
      .
    3. Modify the pre-deployment setting you want to edit for the
      pangps.xml
       file in
      /opt/paloaltonetworks/globalprotect
      .
    4. Reboot the Linux endpoint in order for the pre-deployment configuration changes to take effect.
    If you are installing the GlobalProtect app for the first time, follow these instructions to deploy various settings to the Linux endpoint.
    1. Create the
      /opt/paloaltonetworks/globalprotect/pangps.xml
       pre-deployment configuration file.
    2. Add the pre-deployment settings to the
      pangps.xml
       file, including the connect method for the GlobalProtect app and the default browser for SAML authentication.
      The following example shows the XML configuration of the pre-deployment changes that you deployed on the Linux endpoint, including the portal IP address (or hostname) under
      <PanSetup>
      .
      <?xml version="1.0" encoding="UTF-8"?>
<GlobalProtect>
      <Settings>
          <connect-method>on-demand</connect-method>
          <can-continue-if-portal-cert-invalid>yes</can-continue-if-portal-cert-invalid>
          <can-change-portal>no</can-change-portal>
          <portal-timeout>100</portal-timeout>
          <connect-timeout>100</connect-timeout>
          <receive-timeout>100</receive-timeout>
          <default-browser>yes</default-browser>
      </Settings>
      <PanSetup>
          <Portal>portal.acme.com</Portal>
      </PanSetup>
      <PanGPS>
      </PanGPS>
</GlobalProtect>

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.