Deploy the GlobalProtect App Software

In order to connect to GlobalProtect™, an endpoint must be running the GlobalProtect app software. The software deployment method depends on the type of endpoint as follows:
PlatformDeployment Options
Mac and Windows endpoints
There are several options you can use to distribute and install the software on Mac and Windows endpoints:
  • Directly from the portal—Download the app software to the firewall hosting the portal, and then activate it so that end users can install the updates when they connect to the portal. This option provides flexibility by allowing you to control how and when end users receive updates based on the agent configuration settings you define for each user, group, and/or operating system. However, if you have a large number of apps that require updates, it could put extra load on your portal. See Host App Updates on the Portal for instructions.
  • From a web server—If you have a large number of endpoints that need to upgrade the app simultaneously, consider hosting the app updates on a web server to reduce the load on the firewall. See Host App Updates on a Web Server for instructions.
  • Transparently from the command line—For Windows endpoints, you can deploy app settings automatically using the Windows Installer (Msiexec). However, to upgrade to a later app version using Msiexec, you must first uninstall the existing app. In addition, Msiexec allows for deployment of app settings directly on the endpoints by setting values in the Windows registry. Similarly, you can also deploy app settings to Mac endpoints, by configuring settings in the Mac plist. See Deploy App Settings Transparently.
  • Using group policy rules—In Active Directory environments, the GlobalProtect app can also be distributed to end users through an Active Directory group policy. AD Group policies allow for automated modification of Windows endpoint settings and software. Refer to the article at http://support.microsoft.com/kb/816102 for more information on how to use Group Policy to automatically distribute programs to endpoints or users.
  • From a mobile endpoint management system—If you use a mobile management system, such as an MDM or EMM, to manage your mobile endpoints, you can use the system to deploy and configure the GlobalProtect app. See Mobile Endpoint Management.
Windows 10 phone and Windows 10 UWP
  • From a mobile endpoint management system—If you use a mobile management system, such as an MDM or EMM, that supports Windows 10 endpoints, you can use the system to deploy and configure the GlobalProtect app. See Mobile Endpoint Management.
  • From the Microft Store—The end user can also download and install the GlobalProtect app directly from the Microsoft Store. For instructions on how to download and test the GlobalProtect app installation, see Download and Install the GlobalProtect Mobile App.
iOS and Android endpoints
  • From a mobile endpoint management system—If you use a mobile management system, such as an MDM or EMM, you can use the system to deploy and configure the GlobalProtect app. See Mobile Endpoint Management.
  • From an app store—The end user can also download and install the GlobalProtect app directly from the Apple App Store (iOS endpoints) or from Google Play (Android endpoints). For instructions on how to download and test the GlobalProtect app installation, see Download and Install the GlobalProtect Mobile App.
Chromebooks
Linux
After you download the GlobalProtect app for Linux from the Support Site, you can distribute and install the app:
  • Using Linux app distribution tools—Linux app distribution is typically managed using third-party tools (such as Chef and Puppet), or using a local repository for the Linux operating system (for example, Ubuntu repositories and RHELrepositories). See the documentation for your Linux operating system for more information.
  • Manual installation—If you make the software available to your end users, they can manually install the software using Linux tools such as apt or dpkg. For instructions on how to install the GlobalProtect app for Linux, see the GlobalProtect App User Guide.
As an alternative to deploying the GlobalProtect app software, you can configure the GlobalProtect portal to provide secure remote access to common enterprise web applications that use HTML, HTML5, and Javascript technologies. Users have the advantage of secure access from SSL-enabled web browsers without installing the GlobalProtect app software. Refer to GlobalProtect Clientless VPN.

Related Documentation