Deploy the GlobalProtect Agent Software

There are several ways to deploy the GlobalProtect agent software:
  • Directly from the portal—Download the agent software to the firewall hosting the portal and activate it so that end users can install the updates when they connect to the portal. This option provides flexibility in that it allows you to control how and when end users receive updates based on the agent configuration settings you define for each user, group, and/or operating system. However, if you have a large number of agents that require updates, it could put extra load on your portal. See Host Agent Updates on the Portal for instructions.
  • From a web server—If you have a large number of hosts that will need to upgrade the agent simultaneously, consider hosting the agent updates on a web server to reduce the load on the firewall. See Host Agent Updates on a Web Server for instructions.
  • Transparently from the command line—For Windows clients, you can use the Windows Installer (Msiexec) to deploy agent settings automatically. However, to upgrade to a later agent version using Msiexec, you must first uninstall the existing agent. In addition, Msiexec allows for deployment of agent settings directly on the endpoints by setting values in the Windows registry or Mac plist. See Deploy Agent Settings Transparently.
  • Using group policy rules—In Active Directory (AD) environments, the GlobalProtect agent can also be distributed to end users using AD group policy. AD group policies allow you to modify Windows host computer settings and software automatically. Refer to the article at http://support.microsoft.com/kb/816102 for more information on how to use Group Policy to automatically distribute programs to host computers or users.
  • From a mobile endpoint management system—If you use a mobile management system such as an MDM or EMM to manage your mobile devices, you can use the system to deploy and configure the GlobalProtect app. See Mobile Endpoint Management.
