Install GlobalProtect for IoT on Raspbian

To install GlobalProtect for IoT on Raspbian devices, complete the following steps.
GlobalProtect for IoT for Raspbian and Ubuntu supports an Arm-based architecture only.
  1. From the Support Site, select
    Software Updates
    and download the GlobalProtect package for your OS.
  2. Install the GlobalProtect app for IoT.
    From the IoT device, use the
    sudo dpkg -i GlobalProtect_deb_arm
    command to install the software.
    sudo dpkg -i GlobalProtect_deb_arm-
    To later uninstall the software, use the
    sudo dpkg -P globalprotect
  3. Configure the VPN settings you want to predeploy for Raspbian IoT devices.
    1. In the
      path, import the certificate in pcks12 format and save the file with a .pfx extension (for example,
    2. In the
      path, save the passcode file with .dat extension (for example,
    3. In the
      path, if you are not using the default path for PanGPS (for example,
      ), make sure that the
      path folder has the same privilege as the globalprotect folder under
    4. Create the
      pre-deployment configuration file in the following format and edit the IP address of the GlobalProtect portal, and authentication settings, either: username and password, or client certificate path (
      ) and pass-phrase file (
      ). You can also specify an optional folder in which to store GlobalProtect service (
      ) and agent (
      ) logs.
    <?xml version="1.0" encoding="UTF-8"?> <GlobalProtect> <PanSetup> <Portal></Portal> //pre-deployed portal address </PanSetup> <PanGPS> </PanGPS> <Settings> <portal-timeout>5</portal-timeout> <connect-timeout>5</connect-timeout> <receive-timeout>30</receive-timeout> <os-type>IoT</os-type> //pre-deployed OS type for IoT. If this tag does not present, GP will automatic detect the OS type. <head-less>yes</head-less> //pre-deployed head-less mode <username>abc</username> //optional pre-deployed username <password>xyz</password> //optional pre-deployed password <client-cert-path>cli_cert_path</client-cert-path> //optional pre-deployed client certificate file(p12) path <client-cert-passphrase>cli_cert_passphrase_path< /client-cert-passphrase> //optional pre-deployed client certificate passphrase file path <log-path-service>/tmp/gps</log-path-service> //optional pre-deployed log folder for PanGPS <log-path-agent>/tmp/gpa</log-path-agent> //optional pre-deployed log folder for PanGPA and globalprotect CLI </Settings> </GlobalProtect>
  4. Restart the GlobalProtect process for the pre-deployment configuration to take effect.
  5. After you deploy the IoT device, you can collect logs as needed using the
    globalprotect collect-log
    user@raspbianhost:~/Desktop/data$ globalprotect collect-log The support file is saved to /home/gptest/.GlobalProtect/GlobalProtectLogs.tgz
  6. (
    ) If the authentication method is a is combination of username/password and client certificate authentication, make sure that the
    of the client certificate matches the username.

Recommended For You