There are several ways to deploy the GlobalProtect agent
Directly from the portal
—Download the agent software
to the firewall hosting the portal and activate it so that end users
can install the updates when they connect to the portal. This option
provides flexibility in that it allows you to control how and when
end users receive updates based on the agent configuration settings you
define for each user, group, and/or operating system. However, if
you have a large number of agents that require updates, it could
put extra load on your portal. See Host
Agent Updates on the Portal for instructions.
From a web server
—If you have a large number of hosts
that will need to upgrade the agent simultaneously, consider hosting
the agent updates on a web server to reduce the load on the firewall.
Agent Updates on a Web Server for instructions.
Transparently from the command line
—For Windows clients,
you can automatically deploy agent settings in the Windows Installer
(Msiexec). However, to upgrade to a later agent version using Msiexec,
you must first uninstall the existing agent. In addition, Msiexec
allows for deployment of agent settings directly on the endpoints
by setting values in the Windows registry or Mac plist. See Deploy
Agent Settings Transparently.
Using group policy rules
—In Active Directory (AD)
environments, the GlobalProtect agent can also be distributed to
end users, using AD group policy. AD group policies allow you to
modify Windows host computer settings and software automatically.
Refer to the article at http://support.microsoft.com/kb/816102 for
more information on how to use Group Policy to automatically distribute
programs to host computers or users.
From a mobile endpoint management system
—If you use
an mobile management system such as an MDM or EMM to manage your
mobile devices, you can use the system to deploy and configure the
GlobalProtect app. See Mobile