Get Started with the GlobalProtect App for Linux
The GlobalProtect app for Linux supports the installation packages as described in GlobalProtect App for Linux Requirements and Features.
If the requirements for your Linux endpoints are different than the requirements for other endpoints, you can configure your GlobalProtect portal and gateways with settings that apply only to Linux endpoints.
To get started with the GlobalProtect app for Linux:
- Configure your GlobalProtect gateways to support the GlobalProtect app for Linux.
- Install a GlobalProtect subscription for each gateway that supports the GlobalProtect app for Linux.
- Customize a gateway configuration for your Linux endpoints:When you configure a gateway, you can specify client authentication settings that apply specifically to Linux. For example, you can configure Windows and Mac endpoints to use two-factor authentication and require Linux endpoints to use certificate-based authentication.You can also configure supported network and client settings—such as specific IP pools, access routes, cookie authentication, and split tunneling—for Linux endpoints.
- Selectand then select orNetworkGlobalProtectGatewaysAdda gateway configuration.
- Add a Client Authentication configuration for Linux endpoints:
- SelectAuthenticationandAdda new Client Authentication configuration.
- Enter aNameto identify the Client Authentication configuration, setOStoLinux, specify theAuthentication Profileand, optionally, enter an authentication message to provide endpoint users with instructions or additional information when they authenticate from their Linux endpoint.
- To configure specific client settings that apply to only Linux endpoints, configure a new Client Settings configuration:
- SelectAgentandAdda new Client Settings configuration.
- Configure the Client Authentication settings as desired.
- SelectUser/User Groupand thenAddan OS, and selectLinux.
- Committhe configuration.
- Configure the portal to support the GlobalProtect app for Linux.To support the GlobalProtect app for Linux, you must configure one or more gateways to which the app can connect and then configure the portal and app settings. The portal sends configuration information and information about the available gateways to the app. After receiving the configuration from the GlobalProtect portal, the app discovers the gateways listed in the client configuration and selects the best gateway. Use the following workflow to configure the GlobalProtect portal to support the GlobalProtect app for Linux.
- If you have not already done so, complete the prerequisite tasks for setting up a GlobalProtect portal.
- Define client settings for Linux users to authenticate to the portal.
- Selectand then select a portal configuration.NetworkGlobalProtectPortals
- Configure Client Authentication settings that apply to Linux endpoints when users access the portal:
- SelectAuthenticationand thenAdda new Client Authentication configuration.
- Enter aNameto identify the Client Authentication configuration, setOStoLinux, specify the Authentication Profile to use for authenticating users on this portal, and then—optionally—enter an authentication message to provide users with instructions or additional information.
- Customize an agent configuration for Linux endpoints.Whether you modify an existing configuration or create a new one depends on your environment. For example, if you use OS-specific gateways or want to collect host information that is specific to Linux endpoints, consider creating a new agent configuration.For information about supported features, see GlobalProtect App for Linux Requirements and Features.
- Define a GlobalProtect Agent Configuration:
- SelectAgentand select an existing orAdda new portal agent configuration.
- Configure the Authentication settings for Linux endpoints.
- SelectUser/User Groupand then add anOSand selectLinux.
- Specify the external gateways to which users with this configuration can connect.
- (Optional) SelectAppand customize the applicable portal settings for the GlobalProtect app for Linux. The GlobalProtect app discards an additional settings that do not apply.
- Committhe configuration.
- Enforce Policies on the GlobalProtect app for Linux ().ObjectsGlobalProtectHIP ObjectsWith the release of the GlobalProtect app for Linux, you can now create HIP objects using Host Info that is specific to Linux endpoints and use it for match conditions in any HIP profiles. You can then use a HIP profile as a match condition in a policy rule to enforce the corresponding security policy.The following table defines the criteria that is specific to Linux that you can use when you create a HIP object.
- Select.GeneralHost InfoOS
- SelectContains: Linux:to create a HIP object that looks for information about endpoints running a specific version of Linux. To create a HIP object for all Linux versions, select<version>All.
- Download the GlobalProtect app for Linux.
- From the Support Site, selectSoftware Updatesand locate the app package in the GlobalProtect App for Linux section.
- Download the TGZ file for the version of the GlobalProtect app for Linux you want to install.
- Use software distribution and installation tools of your choice to deploy and install the app package on multiple Linux servers or proceed to the following steps to manually copy the software to a server.
- Copy the TGZ file to the Linux endpoint.For example, if you downloaded the package to a Mac endpoint, you can open a terminal and then copy the file:macUser@mac:~$scp ~/Downloads/PanGPLinux-4.1.0.tgz linuxUser@linuxHost:<DestinationFolder>whereis a location such as<DestinationFolder>~/pkgs/where you want to store the TGZ file.
- From the Linux endpoint, unzip the package.user@linuxhost:~$tar -xvf ~/pkgs/PanGPLinux-4.1.0.tgzAfter you unzip the package, you will see installation packages—DEB for Ubuntu and RPM for CentOS and Red Hat—and the scripts to install and uninstall the packages.
- Install and use the GlobalProtect App—See the
Recommended For You
Recommended videos not found.