End-of-Life (EoL)

Get Started with the GlobalProtect App for Linux

The GlobalProtect app for Linux supports the installation packages as described in GlobalProtect App for Linux Requirements and Features.
If the requirements for your Linux endpoints are different than the requirements for other endpoints, you can configure your GlobalProtect portal and gateways with settings that apply only to Linux endpoints.
To get started with the GlobalProtect app for Linux:
  1. Configure your GlobalProtect gateways to support the GlobalProtect app for Linux.
    1. Install a GlobalProtect subscription for each gateway that supports the GlobalProtect app for Linux.
    2. Customize a gateway configuration for your Linux endpoints:
      When you configure a gateway, you can specify client authentication settings that apply specifically to Linux. For example, you can configure Windows and Mac endpoints to use two-factor authentication and require Linux endpoints to use certificate-based authentication.
      You can also configure supported network and client settings—such as specific IP pools, access routes, cookie authentication, and split tunneling—for Linux endpoints.
      1. Select
        Network
        GlobalProtect
        Gateways
        and then select or
        Add
        a gateway configuration.
      2. Add a Client Authentication configuration for Linux endpoints:
        1. Select
          Authentication
          and
          Add
          a new Client Authentication configuration.
        2. Enter a
          Name
          to identify the Client Authentication configuration, set
          OS
          to
          Linux
          , specify the
          Authentication Profile
          and, optionally, enter an authentication message to provide endpoint users with instructions or additional information when they authenticate from their Linux endpoint.
        3. Click
          OK
          .
      3. To configure specific client settings that apply to only Linux endpoints, configure a new Client Settings configuration:
        1. Select
          Agent
          and
          Add
          a new Client Settings configuration.
        2. Configure the Client Authentication settings as desired.
        3. Select
          User/User Group
          and then
          Add
          an OS, and select
          Linux
          .
        4. Click
          OK
          .
      4. Click
        OK
        .
      5. Commit
        the configuration.
  2. Configure the portal to support the GlobalProtect app for Linux.
    To support the GlobalProtect app for Linux, you must configure one or more gateways to which the app can connect and then configure the portal and app settings. The portal sends configuration information and information about the available gateways to the app. After receiving the configuration from the GlobalProtect portal, the app discovers the gateways listed in the client configuration and selects the best gateway. Use the following workflow to configure the GlobalProtect portal to support the GlobalProtect app for Linux.
    1. If you have not already done so, complete the prerequisite tasks for setting up a GlobalProtect portal.
    2. Define client settings for Linux users to authenticate to the portal.
      1. Select
        Network
        GlobalProtect
        Portals
        and then select a portal configuration.
      2. Configure Client Authentication settings that apply to Linux endpoints when users access the portal:
        1. Select
          Authentication
          and then
          Add
          a new Client Authentication configuration.
        2. Enter a
          Name
          to identify the Client Authentication configuration, set
          OS
          to
          Linux
          , specify the Authentication Profile to use for authenticating users on this portal, and then—optionally—enter an authentication message to provide users with instructions or additional information.
    3. Customize an agent configuration for Linux endpoints.
      Whether you modify an existing configuration or create a new one depends on your environment. For example, if you use OS-specific gateways or want to collect host information that is specific to Linux endpoints, consider creating a new agent configuration.
      For information about supported features, see GlobalProtect App for Linux Requirements and Features.
      1. Define a GlobalProtect Agent Configuration:
      2. Select
        Agent
        and select an existing or
        Add
        a new portal agent configuration.
      3. Configure the Authentication settings for Linux endpoints.
      4. Select
        User/User Group
        and then add an
        OS
        and select
        Linux
        .
      5. Specify the external gateways to which users with this configuration can connect.
      6. (
        Optional
        ) Select
        App
        and customize the applicable portal settings for the GlobalProtect app for Linux. The GlobalProtect app discards an additional settings that do not apply.
      7. Click
        OK
        twice.
      8. Commit
        the configuration.
    4. Enforce Policies on the GlobalProtect app for Linux (
      Objects
      GlobalProtect
      HIP Objects
      ).
      With the release of the GlobalProtect app for Linux, you can now create HIP objects using Host Info that is specific to Linux endpoints and use it for match conditions in any HIP profiles. You can then use a HIP profile as a match condition in a policy rule to enforce the corresponding security policy.
      The following table defines the criteria that is specific to Linux that you can use when you create a HIP object.
      1. Select
        General
        Host Info
        OS
        .
      2. Select
        Contains: Linux:
        <version>
        to create a HIP object that looks for information about endpoints running a specific version of Linux. To create a HIP object for all Linux versions, select
        All
        .
      3. Click
        OK
        .
  3. Download the GlobalProtect app for Linux.
    1. From the Support Site, select
      Software Updates
      and locate the app package in the GlobalProtect App for Linux section.
    2. Download the TGZ file for the version of the GlobalProtect app for Linux you want to install.
    3. Use software distribution and installation tools of your choice to deploy and install the app package on multiple Linux servers or proceed to the following steps to manually copy the software to a server.
    4. Copy the TGZ file to the Linux endpoint.
      For example, if you downloaded the package to a Mac endpoint, you can open a terminal and then copy the file:
      macUser@mac:~$
      scp ~/Downloads/PanGPLinux-4.1.0.tgz linuxUser@linuxHost:
      <DestinationFolder>
      where
      <DestinationFolder>
      is a location such as
      ~/pkgs/
      where you want to store the TGZ file.
    5. From the Linux endpoint, unzip the package.
      user@linuxhost:~$
      tar -xvf ~/pkgs/PanGPLinux-4.1.0.tgz
      After you unzip the package, you will see installation packages—DEB for Ubuntu and RPM for CentOS and Red Hat—and the scripts to install and uninstall the packages.
    6. Install and use the GlobalProtect App—See the .

Recommended For You