When a user connects to the GlobalProtect
gateway for the first time, the GlobalProtect agent downloads a
configuration file and stores agent settings in a GlobalProtect Mac
property file (plist). In addition to making changes to the agent
settings, you use the Mac plist to deploy scripts at any or all
of the following events: before and after establishing the tunnel,
and before disconnecting the tunnel. Use the following workflow
to get started using the Mac plist to deploy scripts to Mac endpoints.
Mac plist settings that enable you to deploy scripts are supported
in GlobalProtect clients running GlobalProtect agent 2.3 and later
Clients running Mac OS X 10.9 or a later OS
Flush the settings cache. This prevents the OS from using the cached
preferences after making changes to the plist.
To clear the default preferences cache, run the
from a Mac terminal.
Open the GlobalProtect plist file, and locate or create
the GlobalProtect dictionary associated with the connect or disconnect
event. The dictionary under which you will add the settings will
determine when the GlobalProtect agent runs the script(s).
Use Xcode or an alternate plist editor to open the plist
create a new dictionary for the event or events at which you want
to run scripts.
Enable the GlobalProtect agent to run scripts by creating
The value specified here should reference the shell script
(and the parameters to pass to the script) that you want run on
your devices. See Mac OS Script Examples.
string does not already
exist, add it to the dictionary and specify the script and parameters
field, for example:
variables are supported.
a best practice, specify the full path in commands.
) Add additional settings related to
the command, including administrator privileges, a timeout value
for the script, checksum value for the batch file, and an error
message to display if the command fails to execute successfully.
Create or modify additional strings in the plist (