Scripts Using the Mac Plist
When a user connects to the GlobalProtect gateway for the first time, the GlobalProtect agent downloads a configuration file and stores agent settings in a GlobalProtect Mac property file (plist). In addition to making changes to the agent settings, you use the Mac plist to deploy scripts at any or all of the following events: before and after establishing the tunnel, and before disconnecting the tunnel. Use the following workflow to get started using the Mac plist to deploy scripts to Mac endpoints.
The Mac plist settings that enable you to deploy scripts are supported in GlobalProtect clients running GlobalProtect agent 2.3 and later releases.
- (Clients running Mac OS X 10.9 or a later OS) Flush the settings cache. This prevents the OS from using the cached preferences after making changes to the plist.To clear the default preferences cache, run thekillall cfprefsdcommand from a Mac terminal.
- Open the GlobalProtect plist file, and locate or create the GlobalProtect dictionary associated with the connect or disconnect event. The dictionary under which you will add the settings will determine when the GlobalProtect agent runs the script(s).Use Xcode or an alternate plist editor to open the plist file (/Library/Preferences/com.paloaltonetworks.GlobalProtect.settings.plist) and go to the location of the dictionary:
IfSettingsdictionary does not exist, create it. Then, inSettings, create a new dictionary for the event or events at which you want to run scripts.
- /Palo Alto Networks/GlobalProtect/Settings/pre-vpn-connect
- /Palo Alto Networks/GlobalProtect/Settings/post-vpn-connect
- /Palo Alto Networks/GlobalProtect/Settings/pre-vpn-disconnect
- Enable the GlobalProtect agent to run scripts by creating a newStringnamedcommand.The value specified here should reference the shell script (and the parameters to pass to the script) that you want run on your devices. See Mac OS Script Examples.If thecommandstring does not already exist, add it to the dictionary and specify the script and parameters in theValuefield, for example:$HOME\pre_vpn_connect.sh /Users/username usernameEnvironmental variables are supported.As a best practice, specify the full path in commands.
- (Optional) Add additional settings related to the command, including administrator privileges, a timeout value for the script, checksum value for the batch file, and an error message to display if the command fails to execute successfully.Create or modify additional strings in the plist (context,timeout,file,checksum, and/orerror-msg)and enter their corresponding values. For additional information, see Customizable Agent Settings.
- Save the changes to the plist file.Save the plist.
Deploy Agent Settings in the Mac Plist
Deploy Agent Settings in the Mac Plist You can set the GlobalProtect agent customization settings in the Mac global plist (Property list) file. This enables ...
Deploy Agent Settings to Mac Clients
Deploy Agent Settings to Mac Clients Use the Mac global plist (property list) file to set GlobalProtect agent customization settings for or to deploy scripts ...
Deploy Scripts Using the Windows Registry
Deploy Scripts Using the Windows Registry You can enable deployment of custom scripts to Windows endpoints using the Windows registry. You can configure the GlobalProtect ...
Customizable Agent Settings
Customizable Agent Settings In addition to pre-deploying the portal address, you can also define the agent configuration settings. To Deploy Agent Settings to Windows Clients ...
Script Deployment Options
Script Deployment Options The following table displays options that enable GlobalProtect to initiate scripts before and after establishing a VPN tunnel and before disconnecting a ...
Mac OS Script Examples
Mac OS Script Examples You can configure the GlobalProtect agent to initiate and run a script for any or all of the following events: before ...
Collect Application and Process Data From Clients
Collect Application and Process Data From Clients The Windows Registry and Mac Plist can be used to configure and store settings and options for Windows ...
Deploy Agent Settings Transparently
Deploy Agent Settings Transparently As an alternative to deploying agent settings from the portal configuration, you can define them directly from the Windows registry or ...
Customize the GlobalProtect Agent
Customize the GlobalProtect Agent The portal agent configuration allows you to customize how your end users interact with the GlobalProtect agents installed on their systems ...