>
    Install GlobalProtect for IoT on Windows
    Focus
    Download PDF
    Focus
    1. Home
    2. GlobalProtect
    3. GlobalProtect for IoT Devices
    4. Install GlobalProtect for IoT on Windows
    Download PDF
    GlobalProtect

    Install GlobalProtect for IoT on Windows

    Table of Contents

    Install GlobalProtect for IoT on Windows

    Devices running Windows 10 IoT can use the GlobalProtect app. Use your organization’s distribution method, such as Microsoft System Center Configuration Manager (SCCM), to deploy and install the GlobalProtect app on your IoT devices running Windows 10 IoT Enterprise.
    A GlobalProtect Windows IoT deployment supports certificate-based authentication. You must install the certificate used for authentication on each IoT device in its local machine store. If an IoT device has multiple certificates with the same Root CA, GlobalProtect uses the first certificate in the IoT device’s local machine store to authenticate; be sure that your certificates are in the correct order in your devices.
    The following sections describe how to install the GlobalProtect app on devices running Windows IoT:

    Download and Install the MSIEXEC File on the IoT Device

    You can download and install the msiexec.exe file to your IoT devices to install the GlobalProtect app for the On-Demand connect method or Always On connect method. You use the same method to deploy the msiexec.exe file as you do on a non-IoT device.

    Modify the Registry Keys on the IoT Device (On-Demand or Always On)

    You must specify the OS type as IoT, the device type as headless, and the portal address. Optionally, you can specify a username and password. If you do not specify a username and password, GlobalProtect uses certificate-based authentication.
    You can use the following methods of installation for the On-Demand connect method or Always On connect method:
    • Specify the OS Type (Required):
      Registry subkey: \HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings
      Name: os-type
      Type: REG_SZ
      Data: IoT
    • Specify a headless IoT device (Required):
      Registry subkey: \HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings
      Name: head-less
      Type: REG_SZ
      Data: yes
    • Specify the portal address (Required):
      Registry subkey: \HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup
      Name: Portal
      Type: REG_SZ
      Data: Enter the GlobalProtect portal’s IP address or FQDN.
    • Specify the username (Optional):
      Registry subkey: \HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings
      Name: username
      Type: REG_SZ
      Data: Enter the user name to use with the IoT device.
    • Specify the password (Optional):
      Registry subkey: \HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings
      Name: password
      Type: REG_SZ
      Data: Enter the password to use with the IoT device.

    Modify the Registry Keys on the IoT Device (Always On with Pre-logon)

    You must specify the portal address, the pre-logon timeout value, and the service-only value. You must delete the GlobalProtect value to prevent the IoT device from automatically launching the app interface upon system restart. A pre-logon VPN tunnel does not associate the username because the user has not logged in.
    You can use the following methods of installation for the Pre-logon (Always On) connect method:
    • Specify the portal address (Required):
      Registry subkey: \HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup
      Name: Portal
      Type: REG_SZ
      Data: Enter the GlobalProtect portal’s IP address or FQDN.
    • Specify the pre-logon value (Required):
      Registry subkey: \HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup
      Name: Prelogon
      Type: REG_SZ
      Data: 1
    • Specify the service-only value (Required):
      Registry subkey: \HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\Settings
      Name: service-only
      Type: REG_SZ
      Data: yes
    • Delete the GlobalProtect value (Required):
      Registry subkey: \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      Name: GlobalProtect
      Type: REG_SZ

    © 2024 Palo Alto Networks, Inc. All rights reserved.