GlobalProtect
Install GlobalProtect for IoT on Raspbian
Table of Contents
Expand All
|
Collapse All
GlobalProtect Docs
-
- 10.1 & Later
- 9.1 (EoL)
-
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
-
- 6.1
- 6.0
- 5.1
-
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
Install GlobalProtect for IoT on Raspbian
To install GlobalProtect for IoT on Raspbian
devices, complete the following steps.
GlobalProtect
for IoT for Raspbian and Ubuntu supports an Arm-based architecture
only.
- From the Support Site, select UpdatesSoftware Updates and download the GlobalProtect package for your OS.Install the GlobalProtect app for IoT.From the IoT device, use the sudo dpkg -i GlobalProtect_deb_arm<version>.deb command to install the software.
sudo dpkg -i GlobalProtect_deb_arm-5.1.0.0-84.deb
To later uninstall the software, use the sudo dpkg -P globalprotect command.Configure the VPN settings you want to predeploy for Raspbian IoT devices.- In the client-cert path, import the certificate in pcks12 format and save the file with a .pfx extension (for example, pan_client_cert.pfx).In the client-cert-passphrase path, save the passcode file with .dat extension (for example, pan_client_cert_passcode.dat)In the log-path-service path, if you are not using the default path for PanGPS (for example, /opt/paloaltonetworks/globalprotect), make sure that the log-setting path folder has the same privilege as the globalprotect folder under opt/paloaltonetworks.Create the /opt/paloaltonetworks/globalprotect/pangps.xml pre-deployment configuration file in the following format and edit the IP address of the GlobalProtect portal, and authentication settings, either: username and password, or client certificate path (client-cert-path) and pass-phrase file (client-cert-passphrase). You can also specify an optional folder in which to store GlobalProtect service (log-path-service) and agent (log-path-agent) logs.
<?xml version="1.0" encoding="UTF-8"?> <GlobalProtect> <PanSetup> <Portal>192.168.1.160</Portal> //pre-deployed portal address </PanSetup> <PanGPS> </PanGPS> <Settings> <portal-timeout>5</portal-timeout> <connect-timeout>5</connect-timeout> <receive-timeout>30</receive-timeout> <os-type>IoT</os-type> //pre-deployed OS type for IoT. If this tag does not present, GP will automatic detect the OS type. <head-less>yes</head-less> //pre-deployed head-less mode <username>abc</username> //optional pre-deployed username <password>xyz</password> //optional pre-deployed password <client-cert-path>cli_cert_path</client-cert-path> //optional pre-deployed client certificate file(p12) path <client-cert-passphrase>cli_cert_passphrase_path< /client-cert-passphrase> //optional pre-deployed client certificate passphrase file path <log-path-service>/tmp/gps</log-path-service> //optional pre-deployed log folder for PanGPS <log-path-agent>/tmp/gpa</log-path-agent> //optional pre-deployed log folder for PanGPA and globalprotect CLI </Settings> </GlobalProtect>
Restart the GlobalProtect process for the pre-deployment configuration to take effect.After you deploy the IoT device, you can collect logs as needed using the globalprotect collect-log command.user@raspbianhost:~/Desktop/data$ globalprotect collect-log The support file is saved to /home/gptest/.GlobalProtect/GlobalProtectLogs.tgz
(Optional) If the authentication method is a is combination of username/password and client certificate authentication, make sure that the CommonName of the client certificate matches the username.